Researchers warn of 'hyper-personalized' AI-powered hacking attacks

Phishing attacks are about to become much more persuasive. A new report warns that scammers are now using artificial intelligence to extract information about you from your online profiles and then send highly personalized emails aimed at swindling your credentials.

What is phishing

Phishing is a type of online fraud where criminals try to trick you into giving them your sensitive information, such as logins, passwords, or credit card information. They may send emails or messages that appear to be from an official source, such as a bank or a well-known company, asking you to provide personal information or to click a link to a fake website. The goal of a phishing attack is to steal valuable information for further fraudulent use.

Once they have the necessary information about your life, scammers can send emails that are much more likely to look genuine. For example, if they learn that you are interested in coin collecting, they may send you an email offering to pick up some rare old coin at a very cheap price. A victim captivated by a unique offer may forget about caution and click on the link, then enter payment details or immediately get a virus.

You may also receive an email from an email address that appears to be from a person or company you know, but differs in only one inconspicuous character – for example, a zero instead of an “o”.

Phishing has been around for as long as the Internet itself. Fraudsters send out mass emails on behalf of banks, internet providers, mobile operators, stores, media outlets, cryptocurrency exchanges, popular companies and services. Typically, fake content is intended to create a sense of urgency. For example, your bank warns you about a fraudulent transaction, an online store sends you an invoice for an expensive product you didn't order, or Google tells you that your cloud storage is about to be blocked.

Thus, scammers rely on fear and the desire for easy money to lull our attention without giving us time to think about whether the received email is real or not.

Phishing reaches a new level thanks to artificial intelligence

Most such attacks are very typical, but a report Financial Times warns that this is now changing. Scammers are starting to use artificial intelligence to analyze public profiles to generate emails that will be personalized much better than if they were worked on by a human. This means they will be able to trick their victims faster and more often.

Leading companies such as British insurer Beazley and e-commerce group eBay have warned of a rise in fraudulent emails containing personal details, likely obtained through AI analysis of online profiles.

It’s getting worse, and it’s getting very personal, which is why we suspect AI is behind it. We’re starting to see very targeted attacks that are scraping huge amounts of information about a person,
– says Beazley’s chief information security officer Kirsty Kelly.

Highly personalized phishing emails are also much more likely to get through filters set up by both corporations and email providers like Apple and Google.

Currently, the main targets are employees of large companies. Fraudsters typically want to get to executives to gain access to internal systems and steal confidential corporate secrets. This data can then be held for ransom or sold to interested third parties – journalists, competitors, or other hackers. Artificial intelligence bots even copy the writing style of certain companies from their websites and other public content to add weight to their fraudulent actions.

Basic protection against phishing attacks — never click on links sent in emails, always check the sender's email address, add verified personal contacts to your address book, use your own bookmarks in the browser, contact the person who supposedly wrote to you with an urgent matter, on other services, and so on.