AI-assisted phishing attacks pose a significant and increasing threat to organizations, according to Matt Weidman, partner and vice president of Commercial Property & Casualty at USIA.
In an article for CBIA, Weidman explains that attackers can use AI tools to craft targeted, convincing phishing messages that are almost indistinguishable from the real thing.
“Personalization and social engineering: AI can analyze vast datasets, including social media posts, websites, and public records, to craft highly tailored messages,” Weidman says. “It can be trained to mimic writing styles to appear authentic, reference specific details (e.g., recent purchases, ongoing projects) to seem legitimate, and even clone the voice of business leaders or generate realistic videos to make fraudulent yet convincing messages.”
In addition to improving the content of the phishing messages, AI can help attackers substantially increase output on a massive scale.
“Because AI can increase cybercriminals’ output volume and enhance the sophistication of their tactics, employees may encounter multiple fraudulent messages on a daily basis,” Weidman says. “The combination of frequent attempts and convincingly crafted messages may increase the likelihood that a business will fall victim to one of these scams.”
Security awareness training can give organizations an essential layer of defense against these attacks.
“Staff should receive ongoing security awareness training that teaches them about the latest cybersecurity threats and hackers’ newest tactics,” Weidman says.
“Businesses should conduct phishing simulations to help employees recognize and respond effectively to fraudulent communications. Employees should feel empowered to verify requests for sensitive information before responding to them, especially those involving financial transactions or credential sharing, and they should be encouraged to report suspicious activities.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
CBIA has the story.
