Pelican Press
Posted May 6, 2025

Beyond the hook: How phishing is evolving in the world of AI

One almost feels a little nostalgic for the days of old-school phishing attacks, those poorly worded, spray-and-pray emails that most people could spot a mile off. While they were still a danger, it was fairly simple to create countermeasures. But things have changed. Today’s phishing campaigns harness artificial intelligence (AI), deepfakes and adversarial techniques to bypass even state-of-the-art defences. Even adaptive AI-powered security isn’t necessarily equipped to deal with the sophistication of modern phishing, as hackers are utilising cutting-edge technology to exploit technical gaps and find new human vulnerabilities.

The first step in countering modern phishing is to understand the attackers’ tactics and how they can overcome your cyber security measures. Once you’re equipped with that knowledge, we’ll break down the strategies, technology and protocols you can use to stay ahead of the evolving phishing menace.

Phishing attacks have evolved

Phishing attacks have dramatically shifted from indiscriminate bulk email blasts to highly targeted, personalised schemes. The days when a mass email riddled with typos would be enough to lure a victim are over (fun fact: those […] to help weed out people less susceptible to manipulation). Instead, attackers are now using hyper-personalised, tailored messages, […] of their targets, that can fool even the most vigilant.

Phishing has also evolved beyond just email.
Vishing (voice phishing), smishing (SMS phishing) and quishing (QR code phishing) broaden the attack surface significantly in insidious ways. Some attackers even hijack ongoing email threads, sometimes known as […], to take advantage of an already established conversation, further lowering a target’s guard.

These […] to exploit the rapid expansion of the digital attack surface. The proliferation of apps, communication platforms and internet of things (IoT) devices provides more opportunities for attackers to find a weak link. As organisations embrace digital transformation, securing every endpoint becomes increasingly challenging.

The globalisation of businesses also broadens the attack surface significantly. Many companies have workers across multiple countries, using multiple languages. With […], it becomes a lot harder to know what to look for. This necessitates […] trained in […].

The role of AI in modern phishing attacks

The same AI technologies that are enabling advances in cyber security are also a core component of modern phishing attacks. While […] for most AI investments in tech budgets, the increased accessibility of AI tools means cyber criminals can run advanced, sophisticated phishing campaigns at scale.

One key development is […].
AI’s pattern recognition ability, which plays such a crucial role in threat analysis, can also be used to identify prospective targets and how to exploit them. Combined with advanced language models, attackers can craft messages that read like genuine, conversational correspondence. These messages are free of glaring errors and are tailored to the recipient, significantly increasing their believability.

This social engineering can also be combined with another AI-enabled technique: […]. Deepfake audio and video allow hackers to impersonate high-level executives or trusted figures. For example, an AI-generated voice clone might call an employee, issuing urgent instructions to transfer funds.

Adversarial AI techniques are being used to […] deployed in cyber security defences. Attackers study how these models identify phishing content and then subtly alter their messages, often by tweaking text or URL features, so that they evade detection. This ongoing “arms race” between attackers and defenders means no single tool or approach remains effective for long.

The result of these advanced techniques? More than […]. And when all it takes is one mistake to potentially give cyber criminals access to your entire network and database, that’s a serious problem that needs addressing.

Bypassing multifactor authentication

You might think multifactor authentication (MFA) is a viable solution to countering modern phishing, with the belief that the more you have to query a phishing attack, the more likely you’ll be able to spot warning signs or present barriers they can’t overcome. But attackers are finding ways to circumvent traditional MFA methods, such as SMS-based one-time passwords (OTPs).
A common tactic is a brute force approach, which involves overwhelming users with MFA push notifications – […] – until they inadvertently approve a fraudulent login attempt. Slightly more sophisticated is the use of social engineering to trick users into disclosing their MFA codes by directing them to counterfeit websites or fraudulent phone calls.

But the most devious, sophisticated approaches use man-in-the-middle (MITM) or adversary-in-the-middle (AITM). These attacks use […] in real time. Once a victim enters their MFA code, the proxy relays it to the legitimate service while secretly intercepting the authentication tokens, effectively granting the attacker full access.

Why traditional security policies often fall short

No matter how much you’ve invested in the most sophisticated, AI-driven cyber security and policies, there are weaknesses modern phishing can exploit. It’s only by understanding these weaknesses that you can develop countermeasures to mitigate those vulnerabilities.

Your security tools are outdated

Outdated security tools also contribute to the problem. Many organisations […], firewalls, antivirus software and static spam filters. These reactive defences are ill-equipped to deal with the dynamic nature of modern phishing. They’re designed to detect known threats, but when attackers leverage AI to continuously change their tactics, these defences quickly become outdated. Furthermore, by focusing your security efforts on perimeter defence, you might have little in place to counter threats once they’re already in your network.
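
The MFA push flooding described under "Bypassing multifactor authentication" leaves a recognisable trace in authentication logs: a burst of denied or unanswered prompts for one account, sometimes ending in an approval. The following Python detection is an added example, not part of the original article; the log format, the 10-minute window and the threshold of five are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed tuning value
THRESHOLD = 5                   # assumed: failed prompts per window before alerting

# Constructed sample log (hypothetical format): timestamp user prompt-result
SAMPLE_LOG = """\
2025-05-06T08:50:00 bob timeout
2025-05-06T08:51:10 bob approved
2025-05-06T09:00:05 alice denied
2025-05-06T09:00:40 alice denied
2025-05-06T09:01:15 alice timeout
2025-05-06T09:02:30 alice denied
2025-05-06T09:03:10 alice timeout
2025-05-06T09:03:55 alice approved
2025-05-06T09:20:00 carol timeout
2025-05-06T10:45:00 carol timeout
""".splitlines()

def parse(line):
    ts, user, result = line.split()
    return datetime.fromisoformat(ts), user, result

def detect_push_fatigue(lines, window=WINDOW, threshold=THRESHOLD):
    """Return (user, time, kind) alerts for bursts of failed MFA prompts."""
    failed = defaultdict(deque)  # user -> times of recent denied/timed-out prompts
    alerts = []
    for ts, user, result in sorted(map(parse, lines)):
        q = failed[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:      # alert when the burst reaches the threshold
                alerts.append((user, ts.isoformat(), "burst"))
        elif result == "approved":
            # An approval straight after a burst is the outcome the flooding aims
            # for: treat it as a likely compromise and review or revoke the session.
            if len(q) >= threshold:
                alerts.append((user, ts.isoformat(), "approved_after_burst"))
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(alert)
```

The single mistyped prompt for bob and the two widely spaced timeouts for carol stay below the threshold, so only alice's account is flagged.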

Your people make mistakes

Even with strong policies in place, human error remains a critical vulnerability. New hires, for instance, may be unaware of the latest phishing tactics, and even experienced employees can be duped by a well-crafted, personalised scam. Deepfake-enabled phishing is deliberately designed to exploit human vulnerabilities in a network. Studies have found that only […], and with this technology constantly advancing, the threat is only going to increase.

You can’t detect AI-fakery

Spotting AI-generated and deepfake content isn’t just a challenge for humans, it’s also an issue for computerised systems. Conventional security measures often focus on […], which is not effective against synthetic media that can mimic legitimate content with high accuracy. The visual and auditory realism of deepfakes makes them especially dangerous, as both humans and automated systems can struggle to differentiate between real and fabricated communications.

Staying ahead of the curve: Defence strategies

So, the challenge in countering modern phishing seems pretty high, but we can’t just throw in the towel. With the right, multi-layered security approaches, you can reduce your vulnerabilities to phishing and mitigate their potential impact when they do occur.

Phishing-resistant authentication

One of the most promising strategies is the adoption of […]. Modern protocols like FIDO2/WebAuthn offer passwordless authentication that binds credentials to specific websites and devices, making it significantly harder for attackers to spoof login processes.
This […] eliminates the vulnerabilities associated with traditional passwords and SMS-based OTPs.

Counter AI with AI

While AI might be enabling modern phishing’s sophistication, AI also plays a crucial role in countering its threat. AI-powered threat intelligence systems can […] that indicate a phishing attack in progress. Endpoint detection and response (EDR) solutions that incorporate machine learning can rapidly identify and isolate compromised devices before they cause widespread damage.

Adopt zero-trust security

Zero-trust architecture is another critical step in […]. In a zero-trust model, no user or device is automatically trusted, even if it’s inside the corporate network. Every access request is verified, and lateral movement within the network is strictly controlled. This “never trust, always verify” approach minimises the damage that can be done if an attacker does manage to bypass initial defences.

Train your people

Continual security awareness training is also vital. As phishing tactics become more sophisticated, […] can help employees recognise the latest scams. Tailored training that includes examples of deepfake impersonations and multi-channel phishing attempts will ensure your employees remain vigilant and know how to react appropriately.

Holistic approach required

As the battle against phishing continues, the key takeaway is clear: no single solution will suffice. Instead, a holistic approach that combines advanced technology with proactive training and robust policies is essential to outmanoeuvre cyber criminals in this new era of AI-enhanced attacks.