How Artificial Intelligence Levels Up Email Phishing

Email phishing attacks — which already account for nearly 90% of all data breaches — are becoming even more pervasive and harder to detect as threat actors incorporate chatbots and other artificial intelligence (AI) tools into their strategies.

Today, bad actors are increasingly turning to generative AI writing tools like ChatGPT, Bard, and Jasper to create credible phishing emails and even efficiently translate the scams into multiple languages using free services like Google Translate. 

As a result, attackers can launch these attacks en masse and at scale. These new technologies enable them to be much more efficient than they would be if they had to manually develop the entire phishing attack, giving them more time and cover to gain access to networks. Once inside, they can monetize the attack by launching lucrative ransomware and malware attacks or committing funds transfer fraud (FTF).

How is AI used in email phishing?

Before, one of the telltale signs of a phishing attack was receiving a message filled with typographical errors and poor grammar. While professional emails might contain an error here and there, most are usually well-written, so when you receive one filled with mistakes that purportedly comes from a reliable source, it should raise some red flags. In many cases, email filters will flag these types of messages as spam, preventing them from reaching unsuspecting users' inboxes in the first place.

Thanks to generative AI writing tools, however, it’s now much easier for bad actors — whose attempts have previously been thwarted by bad writing and poor grammar — to create well-written messages that are more convincing and can slip past email filters.

AI email phishing attacks at scale

Imagine, for example, a group of non-English speaking hackers gets together to launch multiple phishing scams. Since none are native English speakers, we could assume none can write well in English either.

From wherever they are in the world, using generative AI, this group can now create mostly flawless phishing messages. And they can then translate those messages into any languages they like — German, French, Italian, Chinese, and Japanese — enabling them to target more businesses across more geographies faster, all while sounding like a native speaker of each language (or at least close enough).

With this technology, hackers can cover considerably more ground. Since phishing is mostly a numbers game — hackers only need to dupe a single user to gain network access — this increases the likelihood of a successful attack.

How to spot an AI-based phishing attempt

While life may have gotten easier for hackers launching phishing attacks, that doesn't mean companies are completely out of luck. Taking a proactive approach to cybersecurity and ensuring your team knows what to look for in an attack can increase the chances bad actors don’t get inside your network. 

With that in mind, here are four tactics your team can use to identify phishing attacks — and even prevent them from occurring in the first place.

1. Use the same tried-and-true tactics

Though phishing emails may no longer be riddled with grammatical errors, there are still several obvious indicators that suggest an email might be fraudulent. Employees should be skeptical of messages that lack personalization, ask you to download an attachment or click a link, imply urgency, or include requests for sensitive information. Employees should also be taught to hover over the sender’s email address to ensure it comes from a legitimate domain — not a spoofed one.

For example, a legitimate domain would be john.doe@abccompany.com, whereas a spoofed domain could read john.doe@abcccompany.com. Another tip-off may come from security banners inserted by your organization’s IT team ('this message came from outside your organization') or by your email security platform ('be careful with this message').

2. Prioritize security awareness training

Since hackers continue to develop new attack methods — and over 95% of security incidents involve human error — organizations must prioritize security awareness training. This training will help ensure employees have the most current information about evolving threats, know what to look for in a phishing attack, and understand what to do next after they’ve received a phishing email or clicked on a suspicious link.

3. Implement robust security controls

By taking a proactive approach to cybersecurity, it’s possible to prevent phishing attacks from reaching their intended target: your employees. For example, email security suites can automatically flag risky emails, check for malicious attachments and forwarding rules, and monitor login behavior to automatically identify suspicious login attempts. Coalition Control users have access to a Marketplace of partners that offer discounted cybersecurity solutions on services such as multi-factor authentication (MFA), endpoint detection and response (EDR), free security training, phishing simulations, and more. 

Additionally, companies can publish public domain name system (DNS) records — including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) technologies — to limit an attacker’s ability to send messages that falsely appear to be coming from your domains. They can also implement access controls like MFA, which make it that much harder for a bad actor to do their dirty work.

4. Use secure financial practices related to email

FTF claims occur when cyber criminals gain unauthorized access to a network, often via a phishing email, and then redirect or change payment information to steal funds.

To combat FTF events, implement the following best practices:

  1. Utilize secure financial practices related to email.

  2. Don't add or update payment information (e.g., bank account numbers, wire details) based only on an email.

  3. Always confirm new or changed payment information using a known good contact number (avoid calling the number in the email, as attackers can change these numbers or intercept them), and for large payments, require multiple team members to approve the updates.

Keeping pace with bad actors

To learn more about how phishing has evolved, keep an eye out for Coalition’s upcoming 2023 Claims Report, which analyzes how our claims and security monitoring data trends have evolved over the last six months and year over year. 

Until then, watch this space for more news, security alerts, and other timely cybersecurity information, or connect directly with our Security Labs team on Twitter @CoalitionSecLab.