- Experts warn of phishing’s electronic emails written by the polished and avoid traditional email filters
- Polymorphic attacks constantly change to evade real -time detection
- Commercial email commitment scams now imitate executives with almost perfect format
We have said it before, and we will say it again. Artificial intelligence is changing the face of cyber crime, and phishing is an area where it is hitting harder.
The new data of the Cofense security firm have warned that Phishing campaigns with AI are not only more frequent but also much more convincing than ever.
These emails are cleaner, more polished and adapted to deceiving even more cautious users, and with generative tools of AI now accessible to almost any person, threat actors are climbing their operations at a pace that many companies simply cannot keep up to date.
Highly evasive delivery system
In your latest threat intelligence report, The emergence of AI: a new era of phishing threatsCofense details how Phishing’s tactics are evolving at a phenomenal rhythm.
In 2024, Cofense Phishing Defense Center detected a malicious email every 42 seconds, many of which slid through inherited perimeter defenses.
Email -based scams increased 70% year after year, fed by AI’s ability to imitate tone, falsify internal emails and customize messages with impressive precision.
The messages now have perfect grammar, precise format and realistic sender addresses. Often they also go through C-Suite executives, they respond within the existing email threads and use lookalike domains as “@consultant.com”.
This change towards commercial email commitment (BEC) has become a great threat. The content generated by AI lacks the revealing signs that previously given Phishers, such as typographic errors, spelling errors and uncomfortable phrases, often clues that suggest that English may not be the first language of the sender.
Phyishing polymorphic campaigns are another area of concern, according to Cofense. These attacks constantly change their real -time content to evade signature -based security tools. The lines of matter, the details of the sender and the text everything changes dynamically, which makes the detection with traditional filters almost impossible.
The malware integrated in these emails has also evolved, reports Cofense, with more than 40% of the samples in 2024 newly observed threats, many of them remote access Trojans (rats).
How to stay safe
Carefully examine the email content: It is skeptical of emails that involve financial actions, urgent requests or language outside the place, even if the format looks perfect.
Verify internal applications: If an email claims to be a co -worker or executive, check the known contact methods twice before taking action.
Do not trust appearance: The emails generated by ia often look perfect, so grant in the context, time and content instead of how “professional” looks.
Avoid clicking on links without verification: Pass the closure of the links to verify your destination and avoid downloading unknown or unexpected messages files.
Use security tools that go beyond the perimeter: Look for solutions that offer subsequent analysis of the delivery and response of behavior -based threat, not just firms.
