- Experts warn that executives are being targeted by AI-powered phishing attacks
- AI tools can process huge amounts of data about targets
- 90% of successful cyber attacks start with a phishing scam
Major companies such as eBay and Beazley are reporting huge increases in the volume of spear phishing attacks against high-level employees.
A recent Financial Times report highlighted growing concerns about the increasing use of AI in scams targeting executives at major companies.
“This is getting worse and getting very personal, and that’s why we suspect AI is behind much of this,” Beazley’s chief information security officer Kirsty Kelly told the publication. “We are starting to see very targeted attacks that have obtained an immense amount of information about a person.”
Costly consequences
By processing large amounts of data, AI can quickly extract and retain information about victims and mimic the tone and style of an individual or company. This means that hyper-personalized phishing scams are becoming more convincing and harder to detect.
As these attacks become more sophisticated, they cost more and more victims. Nearly all (90%) of successful cyberattacks originate with a phishing email, and the global average cost of a data breach has increased nearly 10% to $4.9 million in 2024, IBM reports.
Phishing attacks have long been on the rise, with some businesses receiving up to 36 phishing emails per day, with reports revealing a 28% increase in phishing attacks in Q2 2024.
Until recently, phishing attacks were generally impersonal and included only vague information with a reasonably low success rate. However, artificial intelligence tools are lowering the entry threshold for these types of attacks, and “polished and highly targeted” scams are being seen in large volumes.
“Businesses need a multi-layered approach to prevent any harm from phishing attacks.” said Tim Callan, chief compliance officer at Sectigo.
“Employees should be trained to be able to realize when they might be targets of phishing attacks, but companies should also look for proven technologies and implement phishing prevention infrastructures across their IT ecosystems.”
