Bad actors using AI to target businesses via business email compromise (BEC)

Phishing is a form of cyberattack that involves deceiving the target into believing that the communication is coming from a legitimate source, such as a colleague, a partner or a bank. Phishing can have serious consequences for the target, such as losing money, leaking data, damaging reputation or facing legal issues.

Today, phishing is becoming more advanced and realistic, thanks to the use of artificial intelligence (AI) by cyber criminals. AI can help them create convincing and customized phishing emails, texts, and calls, using natural language generation and speech synthesis. These technologies can mimic the style and tone of the genuine sender or caller and adapt to the context and situation of the target.

AI can also help cyber criminals automate and scale their phishing campaigns, by mining large amounts of data and finding the most attractive and vulnerable targets. For instance, AI can crawl social media profiles, company websites, and public records to collect information about the target’s hobbies, preferences, behaviors, and connections. This information can then be used to design persuasive and relevant messages that can lure the target into taking the desired action, such as opening a link, downloading a file or sending money.

To combat the threat of AI-enabled phishing, businesses need to leverage AI-based solutions that can identify and block such attacks. AI can help businesses analyze the content and context of incoming communications and alert any suspicious or abnormal elements. AI can also help businesses verify the identity and validity of the sender or caller, by using biometric or behavioral features, such as voice, face or typing patterns.

Furthermore, businesses should educate and train their employees on how to spot and avoid phishing attacks, and how to report any incidents. Organizations should also implement robust security policies and procedures, such as using encryption, multi-factor authentication and backup systems, to protect their data and assets from unauthorized access or theft.

For more information on how to protect your organization from cyberattacks, connect with a Baker Tilly cybersecurity specialist.