Opinions expressed by Entrepreneur contributors are their own.
Artificial Intelligence is a double-edged sword. While it opens up a host of use cases to make our work and daily lives more efficient, it also empowers cybercriminals to execute more effective attacks.
Phishing, now the most widespread form of cyberattack with almost 3.4 billion emails sent per day, is now being fed by AI, increasing its sophistication and maximizing the likelihood that these attacks will succeed.
A recent study reveals a 60% growth in AI-guided phishing, with higher success rates compared to messages created by human experts. This highlights that AI is not just a tool, but a catalyst in transforming the way these attacks are carried out, underscoring the need to stay ahead of their rapid evolution.
Is it really your CEO? Think twice
In the GenAI era, the lines between phishing and authentic messages are blurred, making phishing messages almost impossible to detect. C-level executives are among the main targets of cyberattacks because of the amount of sensitive information and the authority they hold within an organization. Attackers have taken phishing to a whole new level with the help of AI tools, engaging in what is known as "whale phishing".
This method leverages deepfake AI to impersonate a company's top executives, mimicking their appearance, voice and behaviors to persuade employees to transfer funds or to gain access to the system, leading to financial and reputational losses.
One grim example is the attack on an advertising firm where hackers used the CEO's image to create a fake WhatsApp profile to set up a Microsoft Teams meeting with him and another senior executive. During the call, the attackers used AI voice cloning and YouTube footage to trick employees into revealing personal details and transferring money under the guise of setting up a new business. Fortunately, the attempt failed due to the vigilance of the company's manager.
The sophistication of such attacks reminds us that we can no longer afford to blindly believe that someone is who they claim to be simply because their image and name are on a profile. More than 95% of IT professionals find it difficult to identify phishing attacks created with large language models (LLMs) such as ChatGPT, Gemini and WormGPT. The strategy lies in playing on human psychology and using personal information available online to create the most persuasive message. These messages often pose as trusted colleagues, incite fear of a potential security breach, or pique curiosity with a "too good to be true" offer about a recent purchase, prompting users to click.
Gone are the days when phishing attacks could be distinguished by their misspellings, incorrect information and sloppy execution. Today's AI-powered phishing campaigns correct for such errors, making it easy for bad actors to create a campaign with just five prompts and five seconds, a task that traditionally can take a scammer almost 16 hours.
In this landscape, it is essential to remain vigilant and question the authenticity of any message. The stakes are high and the need for rigorous vetting processes has never been more critical.
How can we overcome these attacks?
Paradoxically, the defense against these AI-powered attacks is to use AI itself. Businesses should consider investing in AI-driven security measures, with Extended Detection and Response (XDR) playing a crucial role in this strategy. XDR constantly monitors the mailbox, scanning for indicators of compromise (IOCs) such as URLs, domains, IP addresses, file hashes and more.
Additionally, XDR's behavioral analytics creates a baseline of typical user behavior and email traffic patterns. When deviations from this baseline are detected, such as unusual login times, unexpected email attachments, or strange communication patterns, the system flags these anomalies, proactively mitigating phishing attempts within an organization.
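The baseline-and-deviation idea described above can be sketched in a few lines. This is an added example, not code from any XDR product; the user names, events and the two-hour tolerance are constructed assumptions.

```python
from collections import defaultdict

# Constructed history: (user, login hour 0-23, attachment extension or None)
HISTORY = [
    ("alice", 8, ".pdf"), ("alice", 9, None), ("alice", 10, ".docx"),
    ("alice", 9, ".pdf"), ("bob", 22, None), ("bob", 23, ".xlsx"),
    ("bob", 0, None), ("bob", 1, ".xlsx"),
]

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def build_baseline(history):
    """Per-user sets of login hours and attachment types seen so far."""
    base = defaultdict(lambda: {"hours": set(), "exts": set()})
    for user, hour, ext in history:
        base[user]["hours"].add(hour)
        if ext:
            base[user]["exts"].add(ext.lower())
    return base

def score_event(base, user, hour, ext, tolerance=2):
    """Return the list of deviations of one event from the user's baseline."""
    if user not in base:
        return ["no baseline for user"]
    profile = base[user]
    findings = []
    # Nearest known login hour, measured around the clock so that a
    # night-shift user (22:00-01:00) is not flagged at 02:00.
    if min(hour_gap(hour, h) for h in profile["hours"]) > tolerance:
        findings.append(f"login at {hour:02d}:00 outside usual hours")
    if ext and ext.lower() not in profile["exts"]:
        findings.append(f"attachment type {ext.lower()} never seen for user")
    return findings

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    print(score_event(baseline, "alice", 3, ".ISO"))
```

A real deployment would weight these findings and age out old history rather than treat every first-seen value as an alert.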
Complementing XDR is a Unified Endpoint Management (UEM) solution. Beyond being a repository of endpoint data that XDR can draw on, UEM is also essential for patch management, password policy enforcement and access management. By enabling timely patching, UEM keeps all systems up to date, reducing the vulnerabilities that phishing campaigns often exploit. Additionally, consistent password policies across all endpoints, including password complexity, multi-factor authentication, and access controls, protect the primary factor in breaches: passwords. An integration between XDR and UEM therefore creates a comprehensive defense against phishing threats. XDR detects and responds to attacks, while UEM helps establish the first line of defense protocols. If a breach occurs, UEMs can also remotely wipe compromised devices to contain the damage.
Ultimately, the goal should always be to move to a zero-trust architecture. While UEM and XDR are essential in this journey, they are not the whole picture. By adopting role-based access controls and rigorously authenticating every account before it gains any data-handling privileges, administrators can fully embrace the principle of trust no one, always verify. This approach helps prevent unauthorized access in the event of a breach and greatly reduces potential damage by limiting lateral movement.
Finally, it comes down to human vigilance
Even the most advanced security measures are completely ineffective if employees are not up to date on phishing techniques and the critical details to watch out for. Business leaders should invest in effective training programs that aren't monotonous for employees and often include common markers like bad grammar and failed personalization. Training should go further by conducting AI-simulated phishing exercises that build awareness of authenticating email sources, verifying URLs and domain names against the actual company, and developing a sense of skepticism to critically assess and respond to very convincing phishing scenarios.
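Verifying a sender's domain against the actual company, and catching an executive's name on an outside address, can be automated at the mail gateway. The following is an added example, not part of the original article; the company domain `example.com` and the executive names are hypothetical placeholders.

```python
from email.utils import parseaddr

# Assumptions for this example: the organisation's domain and executive names.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "rahul mehta"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return impersonation findings for one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain == COMPANY_DOMAIN:
        return findings  # exact match; SPF/DKIM/DMARC results still apply
    if not domain.isascii() or domain.startswith("xn--") or ".xn--" in domain:
        findings.append("non-ASCII or punycode domain")
    elif edit_distance(domain, COMPANY_DOMAIN) <= 2:
        findings.append("lookalike of company domain")
    # Display names are free text, so normalise case and spacing first.
    if " ".join(name.lower().split()) in EXECUTIVES:
        findings.append("executive display name on external address")
    return findings

if __name__ == "__main__":
    # Constructed sample headers
    for header in ("Jane Doe <jane.doe@examp1e.com>",
                   "Rahul Mehta <rm@gmail.com>",
                   "Jane Doe <jane.doe@example.com>"):
        print(header, "->", check_sender(header))
```

An exact domain match only shows the header claims the right domain; whether the message really came from it is decided by SPF, DKIM and DMARC results, which this sketch does not evaluate.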
Additionally, the basic practices of implementing strong, unique passwords for each account coupled with multi-factor authentication (MFA) are lifelong measures that will always remain essential.