eBay, the e-commerce giant, and several other companies are reportedly experiencing an increased volume of sophisticated phishing attacks targeting high-level employees. According to a report by the Financial Times, these scams are being carried out using artificial intelligence (AI) systems that make the emails appear more human-like, bypassing the typical signs of scam messages.
AI is allegedly being used by cyber attackers to scrape and analyze data about company executives, enabling them to add a personal touch to their emails. This approach has rendered basic security filters inadequate for identifying and blocking such messages at an organizational level.
Targeted phishing scams on the rise
Companies like eBay and the UK-based insurance firm Beazley have highlighted the rise in phishing attacks containing personal information about executives. Kirsty Kelly, Beazley’s Chief Information Security Officer, noted that AI appears to play a role in these attacks due to the personalized nature of the emails. She added that attackers likely scrape vast amounts of employee data from various sources to craft convincing messages.
Unlike traditional phishing, which often relies on vague language and grammatical errors, these AI-driven scams use emotive language and share specific personal details about the target. This makes them more convincing and increases the likelihood of success.
Lower barriers for cybercriminals
Nadezda Demidova, a cybercrime security researcher at eBay, explained that generative AI tools have significantly lowered the barriers to carrying out cyberattacks. “We’ve witnessed a growth in the volume of all kinds of cyberattacks,” she said, emphasizing the concern over “polished and closely targeted” phishing emails.
Demidova also pointed out that basic security systems, designed to block bulk phishing campaigns, struggle against AI-generated emails. The ability to craft unique, personalized emails at scale means that even high-volume attacks can evade detection.
This surge in AI-powered phishing attacks underscores the evolving threat landscape. Organizations are urged to implement advanced security measures and educate employees, especially executives, about recognizing these sophisticated scams.
As technology continues to evolve, so too do the tactics employed by cybercriminals, making vigilance and robust security infrastructure more critical than ever.
