According to a recent Financial Times report, corporate executives are increasingly targeted by sophisticated phishing scams generated by artificial intelligence (AI) bots, as analyzed by major companies like Beazley and eBay. The prevalence of these hyper-personalized attacks raises significant security concerns.
Corporate executives face rising AI-driven phishing scams
Kirsty Kelly, chief information security officer at Beazley, emphasized the severity of the issue, stating, “This is getting worse and it’s getting very personal, and this is why we suspect AI is behind a lot of it.” She noted that these scams utilize extensive information scraped about individuals through AI analysis of online profiles.
AI’s rapid development enables it to process vast amounts of data, mimicking the tone and style of individuals or companies, making phishing scams convincingly realistic. Cybersecurity experts, including eBay’s Nadezda Demidova, highlighted that the availability of generative AI tools has significantly lowered the barrier for engaging in advanced cyber crime, contributing to a noted increase in the volume of “polished and closely targeted” phishing scams.
More than 90 percent of successful cyber attacks begin with a phishing email, according to the US Cybersecurity and Infrastructure Security Agency. The global average cost of a data breach is projected to rise nearly 10 percent to $4.9 million in 2024, according to IBM, reflecting the escalating financial risks associated with these attacks.
AI’s effectiveness extends to crafting business email compromise scams, a type of phishing attack without malware where fraudsters deceive recipients into transferring funds or sharing sensitive information. The FBI reported that these scams have cost victims worldwide over $50 billion since 2013.
Sean Joyce, global cyber security lead at PwC, noted that AI is utilized to identify vulnerabilities in both code and the human chain. Moreover, AI-generated phishing scams are more likely to bypass corporate email filters and cybersecurity training. Demidova pointed out that standard filters, which typically block bulk phishing attempts, may struggle against dynamically reworded scams generated in rapid succession by AI.
Featured image credit: Kerem Gülen/Midjourney
