Stay informed with free updates
Simply sign up to the Cyber Security myFT Digest — delivered directly to your inbox.
Corporate executives are being hit with an influx of hyper-personalised phishing scams generated by artificial intelligence bots, as the fast-developing technology makes advanced cyber crime easier.
Leading companies such as British insurer Beazley and ecommerce group eBay have warned of the rise of fraudulent emails containing personal details probably obtained through AI analysis of online profiles.
“This is getting worse and it’s getting very personal, and this is why we suspect AI is behind a lot of it,” said Beazley’s chief information security officer Kirsty Kelly. “We’re starting to see very targeted attacks that have scraped an immense amount of information about a person.”
Cyber security experts said the increasing attacks come during a period of rapid advancement for AI technology, as tech companies race to create ever more sophisticated systems and launch popular products for consumers and businesses.
AI bots can quickly ingest large quantities of data about the tone and style of a company or individual and replicate these features to craft a convincing scam.
They can also scrape a victim’s online presence and social media activity to determine what topics they may be most likely to respond to — helping hackers generate bespoke phishing scams at scale.
“The availability of generative AI tools lowers the entry threshold for advanced cyber crime,” said eBay cyber crime security researcher Nadezda Demidova. “We’ve witnessed a growth in the volume of all kinds of cyber attacks”, particularly in “polished and closely targeted” phishing scams, she added.
Kip Meintzer, an executive at security company Check Point Software Technologies, told a recent investor conference that AI had given hackers “the ability to write a perfect phishing email”.
More than 90 per cent of successful cyber attacks begin with a phishing email, according to the US Cybersecurity and Infrastructure Security Agency. As these attacks become more sophisticated, their consequences have become increasingly expensive, with the global average cost of a data breach rising nearly 10 per cent to $4.9mn in 2024, according to IBM.
Researchers have warned that AI is particularly effective for crafting business email compromise scams — a specific type of malware-free phishing where fraudsters trick recipients into transferring funds or divulging confidential company information. This kind of scam has cost victims worldwide more than $50bn since 2013, according to the FBI.
AI is “being used to scan everything to see where there’s a vulnerability, whether that’s in code or in the human chain”, said Sean Joyce, global cyber security lead at PwC.
Phishing scams generated using AI may also be more likely to bypass companies’ email filters and cyber security training.
Basic filters, which generally block repeated bulk phishing campaigns, may struggle to track these scams if AI is used to rapidly generate thousands of reworded messages, said eBay’s Demidova.
Read the full article here