Digital Transformation Q1 2024

A guide against AI-driven phishing: how to avoid cyberattacks


Lisa Ventura, MBE

Founder, Cyber Security Unity Limited and Member of BCS, The Chartered Institute for IT

Protect yourself from rising AI-driven phishing attacks. Learn how to identify sophisticated cyberattacks and ways to enhance online security.


The use of artificial intelligence (AI) and natural language processing (NLP) models to craft phishing emails and produce sophisticated cyberattacks is a growing concern. These techniques blur the line between legitimate and malicious communication, posing a challenge for individuals and security systems.

Modern phishing cyberattack case

Anna* clicked an email link inviting her to enter a car prize draw. She submitted her details because she was contemplating a new car purchase. She didn’t realise that she had given her details to cybercriminals who used them to open two credit cards and a loan in her name.

Anna didn’t think twice because the email looked legitimate. “Emails from cybercriminals often have poor spelling and grammar, and this email was very well-written, so I thought it was safe to click on the link and enter the competition,” she says.


NLP models in advanced phishing

AI, particularly in the form of models like ChatGPT-3.5, has recently seen tremendous growth. These models can produce human-like text, enabling cybercriminals to craft convincing phishing emails. Despite positive uses, NLP models can be exploited for malicious purposes.

Phishing involves deceiving individuals into revealing sensitive information, including login credentials or financial details. Traditionally, signs of fraud (e.g. poor grammar) made phishing emails obvious. Now, advanced NLP models can help cybercriminals generate phishing emails that are harder to detect.

NLP models can analyse immense amounts of data to understand context, allowing cybercriminals to mimic legitimate communications from specific individuals or organisations and personalise phishing emails with the target’s name, job title or other information from social media or data breaches. They can also dynamically generate content based on real-time information, adapting phishing emails to current events or trends. This challenges security filters that rely solely on static patterns.

How to protect your organisation from AI-driven phishing

Given the evolving nature of this threat, user education is crucial. Be aware of the potential threats and take caution when clicking on links or providing sensitive information. Invest in advanced email filtering solutions that leverage AI to detect subtle differences in language and behaviour, identifying potential phishing attempts. Multi-factor authentication (MFA) also enhances security, making unauthorised access harder for attackers even if login credentials are compromised.

Through advanced technology, user education and proactive security measures, the risks associated with AI-driven cybersecurity attacks can be mitigated so that we can stay safe online.
