Commentary

Something Phishy About AI: Threat Actors Are Using It In Email Attacks

Cyber criminals have discovered artificial intelligence (AI).

Of business email compromise (BEC) attacks launched in Q2, 40% were AI-generated, with AI creating the entire message in some cases, according to the Q2 2024 Email Threat Trends Report from VIPRE Security Group.

And it could get worse. 

“The next wave of BEC attacks could see attackers using AI to dynamically analyze and exploit real-time information, creating tailored and contextually accurate scams nearly indistinguishable from genuine correspondence,” says Usman Choudhary, chief product and technology officer, VIPRE Security Group.

Moreover, 49% of all detected spam emails are BEC scams, most often targeting the CEO, followed by human resources (HR) and information technology (IT). 

These were not the only findings that should be unsettling to legitimate emailers. 

advertisement

advertisement

Another area of concern is that the manufacturing sector received 25% of email attacks in Q2 -- topping the list, although down from 43% in Q1. Retail accounted for 20% and real estate received 11%. 

In 2023, finance was No. 1 with 25% and retail was not a target. 

In addition, there has been a dramatic turn away from putting attachments into emails and an upturn in links. In Q1, 78% of malicious spam or malware (malspam) emails contained malicious attachments, but that percentage fell to 14% in Q2. The remaining 86% had links.

The latter may be explained by the growing difficulty in detecting malicious links — these typically led to seemingly legitimate websites that harbor infected links.

Cloudflare Turnstile, an alternative to CAPTCHA, was used in 51% of phishing emails. 

“As AI technology advances, the potential for BEC attacks grows exponentially,” Choudhary says. “Malefactors are now leveraging sophisticated AI algorithms to craft compelling phishing emails, mimicking the tone and style of legitimate communications.” 

 

Next story loading loading..