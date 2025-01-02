Experts warn executives are being hit with personalized AI phishing attacks

AI tools can process huge amounts of data on targets

90% of successful cyber attacks start with a phishing scam

Top businesses such as eBay and Beazley are reporting huge increases in the volume of personalized phishing attacks levied against high-level employees.

A recent report by the Financial Times, outlined the growing concerns about the growing use of AI in targeted scams against executives at major firms.

“This is getting worse and it’s getting very personal, and this is why we suspect AI is behind a lot of it,” Beazley’s chief information security officer Kirsty Kelly told the publication. “We’re starting to see very targeted attacks that have scraped an immense amount of information about a person.”

Expensive consequences

By processing vast amounts of data, AI can quickly scrape and retain information about victims, and mimic the tone and style of an individual or company. This means that the hyper-personalized phishing scams are becoming increasingly convincing and harder to spot.

As these attacks become more sophisticated, they are costing victims more and more. Almost all (90%) of successful cyber attacks originate with a phishing email, and the global average cost of a data breach has risen almost 10% to $4.9m in 2024, IBM reports.

Phishing attacks have been on the rise for a long time, with some businesses receiving up to 36 phishing emails per day, and reports reveal a 28% increase in phishing attacks in the second quarter of 2024.

Until recently, phishing attacks were generally impersonal, including only vague information with a reasonably low success rate. However, AI tools are lowering the entry threshold for these types of attacks, with ‘polished and closely targeted’ scams being seen in huge volumes.

“Businesses need a multi-layered approach to avoid any damage as a consequence of phishing attacks.” said Tim Callan, Chief Compliance Officer at Sectigo.

“Employees should be trained in order to be able to realise when they could be targets of phishing attacks, but businesses should also look at tried-and-tested technologies and implement phishing prevention infrastructures through their IT ecosystems.”