One fine morning, you’re scrolling social media and sipping your cup of coffee in peace. Out of the blue, you receive an email from your bank security team:
Subject: URGENT: Unusual Login Attempt Detected on Your Account
From: [[email protected]]
Dear John, We have detected an unusual login attempt on your account from an unrecognized device in Detroit, Michigan. Time: March 15, 2025, 10:42 AM Device: Windows 10, Chrome Browser IP Address: 203.123.45.67 For your security, we have temporarily locked your bank account. If this was you, please confirm your identity immediately to restore access. Click below to verify your details: Verify My Account If you do not verify your account within 24 hours, it will be permanently disabled for security reasons. Stay safe, Bank Security Team
Panicking, you quickly click the link to restore access. A website opens up and closes the browser. Nothing happens. You click again, but the result is the same. In a few minutes, before you can even contact your bank, your account is empty.
Congratulations, you’ve been the victim of a phishing scam.
While this may seem dubious and something you won’t fall for, over 80 million Americans fell prey to such scams and lost more than $10 billion in 2024 alone.
What Is Phishing?
Consider this to be a type of fraud in which scammers fish for victims.
Jokes aside, phishing is a serious scam in which malicious actors claim to be genuine representatives from reputable companies, making individuals give away personal information by sending convincing emails, SMS, videos, links, or calls. It usually results in loss of money, information, or identity theft.
What Role Does AI Play?
We will have to bid adieu to our famous Nigerian Prince, primarily due to the advent of Artificial Intelligence (AI). AI now holds the power to unlock more sophisticated and intricate methods to dupe people. Below are some ways in which AI has been leveraged for deceit:
1. Polished E-mails
Leaked databases, social media, and accessible public records can enable individuals to craft hyper-personalized emails. AI can put together information like real names, recent locations you visited, job roles, and even recent interactions to entice you to click on something. Opening the document could lead to some form of malware entering and corrupting your computer system.
2. Deepfake Video
Deepfake technology has improved by leaps and bounds in just a couple of years, churning out convincing videos at a rapid rate. Malignant actors can use this tool in many ways to cajole or extort money from their victims. Creative fraudsters managed to dupe a finance manager out of 25 million dollars by pretending to be the company’s Chief Financial Officer at an internal video conference.
3. AI-Generated Voice
Apart from videos, AI can also very accurately mimic voices. It can adjust the final output to accommodate accents, pauses, and other personal quirks of speech. This cloning can be done based on a few short sample voice notes. This can be used by phishers to impersonate CEOs, finance managers, family members, and law enforcement, or government agents to extract large sums of money. For instance, someone from the accounts department can receive a voie note allegedly from the finance head, requesting an urgent transfer of money to a supplier’s account with more details to be sent shortly by email. An inexperienced employee could be duped by this trick, leading to the loss of funds.
4. AI-Powered Fake Websites
AI has also enabled the creation of more convincing fake websites with more eloquent text, matching visuals, realistic links, and on-brand tone. Phishing websites aim to extract personal information like email, passwords, credit card details, and social security numbers to earn illicit money. Recently, in the US, many websites impersonating the IRS popped up right around Tax Day, leading to many taxpayers falling prey to this neat trick.
5. AI-Generated Code
Large Language Models (LLMs) have allowed cybercriminals to scale up their attacks with minimal effort. AI-generated code is helping attackers build harmful phishing scripts, automated exploits, and sophisticated attack infrastructure to attack at scale with a rapid pace. The proficiency of emergent LLMs like WormGPT and FraudGPT has allowed coders to build code that can:
- Bypass two-factor authentication of browsers
- Create pixel-perfect clones of banking and e-commerce websites
- Program AI chatbots are designed to extract sensitive information
- Generate self-modifying code to battle antivirus scans
- Launch CAPTCHA-solving bots to launch large-scale phishing attacks
How to Combat AI Phishing
AI may seem like that indestructible final boss of your favourite video game. But certain cheat codes can enable us to protect ourselves and our business from such malignant attacks:
1. Professional Expertise
Hiring experts to safeguard your interests would be the first logical step. Be sure to hire people from one of the best online cybersecurity master’s program as they will be dealing in a fast-changing and quickly evolving field. AI advancements are hitting top speed. The malicious actors would always be on the lookout for new ways to up the ante and attack with vigor.
2. Strengthen Authentication
Weak and exposed passwords are one of the major attack points for scammers. Replacing them with passkeys and hardware-based 2FA (like Yubikey or Google Titan) can prevent AI-based attacks. Passkeys (biometric authentication from a secure device) are another great way of avoiding weak passwords. The most common example of this is accessing your banking app on the phone after unlocking it with your fingerprint or retina scan.
3. Pit AI Against AI
Using advanced AI tools to combat AI-powered scammers would be the right answer to a rising menace. Microsoft Defender and Google’s Gmail AI filters are already proficient in detecting and blocking phishing emails before they even hit your inbox. Platforms like Hoxhunt use AI to train employees on evading phishing attacks. Bolster AI also helps take down phishing domains and dodgy websites.
AI is going to continue its gallop towards advancement and progress. As professionals and business owners, it is our responsibility to safeguard our interests and protect our assets. Hiring professionals should not be out of the question. Working on improving existing authentication processes can also reduce areas of attack. Finally, defeating the scammers at their own game by employing AI can also reduce the vulnerabilities.
