As AI’s popularity grows and its usability expands, thanks to generative AI’s continuous improvement model, it is also becoming more embedded in the threat actor’s arsenal.
To mitigate increasingly sophisticated AI phishing attacks, cybersecurity practitioners must both understand how cybercriminals are using the technology and embrace AI and machine learning for defensive purposes.
Phishing attacks have long been the bane of security’s existence. These attacks that prey on human nature have evolved from the days of Nigerian princes and rich relatives looking for beneficiaries to increasingly sophisticated attacks that impersonate Amazon, the Postal Service, friends, colleagues and business partners, among others.
Often evoking fear, panic and curiosity, phishing scams use social engineering to get innocent users to click malicious links, download malware-laden files, and share passwords and business, financial and personal data.
While phishing attacks have always been difficult for users and security teams to detect and avoid, AI has increased their effectiveness and impact by making them appear more legitimate and harder to discern.
Following are examples of attacks made worse by AI and generative AI (GenAI).
Traditional phishing attacks — via emails, direct messages and spurious websites — often contain spelling and grammatical errors, formatting issues, and incorrect names and return email addresses. AI has resolved many of these issues, removing mistakes and using more professional writing styles.
Phishing attacks are also becoming more timely. For example, large language models (LLMs) can absorb real-time information from news outlets, corporate websites and other sources to incorporate of-the-moment details into phishing emails. These details make the messages more believable and generate a sense of urgency that compels victims to act.
AI chatbots are also being used to create and spread business email compromise, whaling and other targeted phishing campaigns at a much faster rate than human attackers ever could on their own, increasing the scale and surface area of such attacks.
Spear phishing attacks use social engineering to target specific individuals with information gleaned from social media sites, data breaches and other sources. AI-generated spear phishing emails are often even more convincing and more likely to trick recipients.
At Black Hat USA 2021, for example, Singapore’s Government Technology Agency presented the results of an experiment in which the security team sent simulated spear phishing emails to internal users. Some were human-crafted, and others were generated by OpenAI’s GPT-3 technology. More people clicked the links in the AI-generated phishing emails than in the human-written ones — by a significant margin.
Fast-forward to today when LLM technology is more widely available and increasingly sophisticated. GenAI can — in a matter of seconds — collect and curate sensitive information about an organization or individual and use it to craft highly targeted and convincing messages and even deepfake phone calls and videos.
Voice phishing (vishing) uses phone calls, voice messages and voicemails to trick people into sharing sensitive information. Like other types of phishing, vishing attacks try to create a sense of urgency, perhaps by referencing a major deadline or a critical customer issue.
In a traditional vishing scam, the cybercriminal collects information on a target and makes a call or leaves a message pretending to be a trusted contact. For example, a massive ransomware attack on MGM Resorts reportedly began when an attacker called the IT service desk and impersonated an MGM employee. The malicious hacker was able to trick the IT team into resetting the employee’s password, giving the attackers network access.
AI is changing vishing attacks in the following ways:
AI and GenAI are already making life more difficult for cybersecurity practitioners and end users alike and will continue to do so.
To prevent and detect AI phishing attacks, it is critical to follow these best practices:
Finally, use AI to detect AI threats. If it takes one to know one, unsurprisingly, AI tools are uniquely suited to detect AI-powered phishing attempts. Note, however, that, while using an AI model to monitor incoming messages could go a long way toward preventing AI phishing attacks, the cost of doing so could prove prohibitively high. In the future, models will likely become more efficient and cost-effective as they become increasingly curated and customized — built on smaller data sets that focus on specific industries, demographics, locations and so on.
AI can improve phishing prevention and detection in the following ways:
Sharon Shea is executive editor of TechTarget Security.
Ashwin Krishnan is host and producer of StandOutIn90Sec, based in California, where he interviews tech leaders, employees and event speakers in short, high-impact conversations.