Phishing attacks are nothing new. In fact, they’re one of the most typical social engineering techniques cyber criminals use to get confidential information from people. And these types of attacks have been on the rise. In Q3 2023, more than 493.2m phishing emails were sent, an increase of 173% from the previous quarter. But it’s not limited to email, as social media phishing cases are on the rise too. In the same quarter, 16,657 unique URLs pretending to be Facebook were used.

Many people are confident they could spot phishing emails because they know what to look for: dodgy branding, a misspelled email address, typos, etc. However, this isn’t always the case. In 2022, for example, cyber criminals used Microsoft branding or products in over 30m malicious messages. And direct financial loss from successful phishing attacks increased by 76%.

Generative AI behind the rise in attacks

The problem is only set to grow as a result of generative AI, which has been a major topic of conversation over the last 15 months since ChatGPT launched. As this type of technology becomes more sophisticated, it will pose even more of a threat. According to the NCSC (part of the UK’s spy agency, GCHQ), “To 2025, generative AI and large language models will make it difficult for everyone, regardless of their level of cybersecurity understanding, to assess whether an email or password reset request is genuine, or to identify phishing, spoofing or social engineering attempts.”

Generative AI not only lowers the barrier to entry for realistic phishing attacks, allowing anyone to create malicious email copy, but also enables this type of attack to be scaled more easily. For a realistic attack, the content of the email must resonate with the receiver, which requires some research into that person. With generative AI, this can be done much more quickly.

Ransomware attacks on the rise too

Alongside phishing attacks, ransomware attacks have also increased with the help of generative AI, which can be used to identify targets more easily. All this has led government agencies to warn businesses about these growing threats. In the UK, for example, the government has set out new guidelines – the “Cyber Governance Code of Practice” – encouraging businesses to equip themselves to recover from ransomware attacks. The code is intended to place information security on the same level as financial and legal management.

For now, the best way for companies to protect themselves is to keep on top of changes in cybercrime, particularly how hackers are using generative AI for social engineering attacks, and to train staff on what to look for when assessing a potential phishing threat.