Decoding Tomorrow’s Threats: Phishing and AI in 2024
Understanding Phishing in 2024
Phishing has evolved from simple scams to complex schemes leveraging AI, posing a significant risk to businesses worldwide. This threat involves creating seemingly trustworthy content to extract sensitive business information under false pretences.
What does phishing mean?
Phishing is the process of creating and distributing content that targets victims by pretending to be a reputable site or user, to collect sensitive information with malicious intent. According to a report by the Internet Crime Complaint Centre (IC3), 300,497 phishing complaints were submitted in 2022. That translates to almost 45% of all complaints raised that year.
It’s a sad truth that phishing scams are still active in 2024, with criminals and hackers trying to trick users into filling out fake forms, intent on gaining access to your computers, network and sensitive data. Ask yourself, do you and your colleagues know how to identify suspicious emails?Do you trust every single page you browse on the internet?
Many businesses now deploy security awareness training to their employees in an effort to protect their companies. At Fusion IT, we are Sophos Gold Partners offering specialised Outsourced IT Management, which includes such protections.
Contact us today to see how Fusion IT can help you protect your business.
Phishing is no longer simply a case of “this email looks slightly off” – criminals create intricate and believable attacks on multiple fronts from anywhere in the world. Knowing how to identify a phishing scam is getting increasingly difficult, as Artificial Intelligence and Machine Learning further convolute the cybersecurity industry.
AI’s Role in Phishing
Leveraging AI for Scamming Businesses
The leap from manual scams to AI-assisted phishing marks a significant escalation in cyber threats facing businesses. AI enables the creation of highly convincing fake websites and communications, making it difficult for even the most cautious to discern authenticity. These AI-generated scams can mimic trusted entities like banks or major corporations, posing a direct threat to your business’s security.
In the early days, it may have been an individual at a laptop carrying out phishing attempts. The evolution of technology has made it easier and easier for criminal organisations to develop and upscale their operation, making AI-assisted cybercrime one of the greatest threats to web users around the world. The old-school approach saw individuals or groups of individuals crafting emails and websites manually.
Fusion IT knows that this isn’t the case any longer – now, with AI, it’s relatively easy to create a website that looks exactly like that of your bank, to write an email that could believably be from a trusted source like Google or Meta or even getting Machine Learning to automate a chatbot over the phone.
Modern phishing scams are unlikely go for all of your data at once – most web users will start to suspect if prompted for too much sensitive information in one go. Criminals are now able to grab small pieces of public data, say a comment on a video, or a “like” on social media post (whether it’s Linkedin, Facebook, X (formerly known as Twitter) or Instagram) and, using AI, aggregate this using machine learning to construct a phishing scam that is scarily believable.
Risks and Challenges
Emerging Trends: What to Anticipate in 2024 and Beyond
AI’s capacity to analyse vast amounts of data allows it to mimic human communication styles and even voices convincingly. This technology’s advancement has reached a point where deepfakes and AI-generated voices can deceive even the most vigilant. For businesses, this means that any piece of data, from customer interactions to employee voices, can potentially be used against them in phishing schemes.
But how does it do it?
AI is becoming more and more intelligent by the second. By ingesting large volumes of data, up to several petabytes in some cases, generative algorithms form educated guesses based on existing previous information. If you were to restrict a Large Language Model (LLM) like ChatGPT to just the letters of the English alphabet, it would output very little – it wouldn’t know what a word is, much less a paragraph. Conversely, a LLM trained solely on the works of Shakespeare would form responses reminiscent of the 16th Century poet.
LLMs are trained on datacentres full of information – the relatively new technology infers not only relationships between words, but the intention of those words. So, as the world becomes increasingly online-only and the amount of sensitive data available to malicious parties grows, Large Language Models have a greater range of learning material on which to base themselves.
Human Touchpoints: Where AI Exploits the Weakest Links
In 2024, we’re online all the time. At home, at work, even on holiday. Whilst our individual digital-footprints will vary greatly – serious harm can be inflicted with even the smallest piece of biometric data. It isn’t as futuristic as it sounds – biometrics have been included in all UK passports issued after 2006. In this context, we’re not referring simply to your name or city of birth, we’re talking more semantically: your tone of voice, maybe how you comment on a social media post, perhaps even an X post or an Instagram reel that features your actual voice. Phishing attacks are now able to take advantage of this.
Just think: a brand’s post calling for users to “Generate how you’d look as a Viking!” or “use our AI to see yourself as a Hippie in the 60s” could form a part of a data-mining initiative, or more maliciously, a scam. Data is, unequivocally, king.
Just as AI can recreate the written word and human faces, it can recreate the human voice. This is has been dubbed “vishing” by cybersecurity specialists. It’s even reached the Open Source community, with various applications that can recreate and clone a voice from as little as a few seconds of audio. Nearly any personal datapoint: a comment, like, message or WhatsApp video could be used to train AI.
The damage that these AI-generated voices could do can’t be understated; when paired with a well trained LLM, a phone call from a family member or a bank could end up being very believable indeed.
Businesses should be aware of these dangers: Fusion IT can help with a myriad of solutions.
Defensive Measures
As much as AI is being utilised to commit cybercrime, AI is also being used to prevent it. It’s not just confined to cloud computing in the form of an email provider’s or social media’s threat detection – companies have now sunk large sums of money into AI research and technologies designed for protecting users’ accounts. Copilot can already reply to emails for you in Outlook and Microsoft are already integrating it as a new security measure, Copilot Security.
Future Threats on the Horizon
Preparing for Tomorrow
Looking at 2024 and beyond, it’s crucial for business owners to stay informed about the latest cybersecurity practices and innovations. Collaboration and proactive engagement in cybersecurity communities can help businesses adapt to new threats and protect their valuable assets.
So, what are some material steps that you can take to protect your business’s computer systems, users, and sensitive data?
The risk posed by phishing attacks is major. Across all devices and all networks, whether it’s your workplace computer or mobile devices, phishing scams are still a genuine threat to your cybersecurity. To prepare for changes in your data security, it’s imperative to keep programs and software up to date. By following best practices on all fronts, be it against malware, ransomware attacks or phishing, Fusion IT helps keep your business safe from data breaches with additional protection.