Phishing attacks pose a pervasive and ever-growing threat in the digital age, putting individuals, organizations, and even governments at risk. These deceptive tactics involve cybercriminals masquerading as trustworthy entities, often through seemingly legitimate emails, messages, or websites, to trick recipients into revealing sensitive information, such as login credentials or financial details. The danger lies not only in the potential loss of critical data and financial assets but also in the far-reaching consequences, including identity theft, ransomware infections, and compromised systems. Phishing attacks exploit human psychology, leveraging curiosity, urgency, or fear to manipulate victims into making hasty and ill-informed decisions. Marcus Fowler, CEO of Darktrace Federal, shared his insights on the importance of recognizing and reporting phishing:
"Both consumers and organizations rely on email as a primary collaboration and communication tool so raising awareness of the prevalence of phishing attacks and how to recognize and report them is important. However, the email threat landscape is constantly evolving and attackers regularly pivot and embrace new techniques to try to thwart defenses. For example, between May and July this year, Darktrace’s Cyber AI Research Centre observed an 11% decrease in VIP impersonation attempts – phishing emails that mimic senior executives – while email account takeover attempts increased by 52% and impersonation of the internal IT team increased by 19%. This is just one example of how attackers pivot as tactics become less effective and more easily recognized. This challenge is only poised to grow in the future as the widespread availability of generative AI tools provide novice attackers the ability to craft sophisticated, personalized phishing scams at scale.
In a recent survey, we found that the top three characteristics that make employees think an email is risky are: being invited to click a link or open an attachment, an unknown sender or unexpected content, and poor spelling and grammar. But generative AI is creating a world where ‘bad’ emails may not possess these qualities and are nearly indistinguishable to the human eye. It is becoming unfair to expect employees to identify every phish and security training, while important, can only go so far. Increasing awareness of and the ability to recognize phishing attempts is an important first step, but an effective path forward lies in a partnership between AI and human beings. AI can determine whether communication is malicious or benign and take the burden of responsibility off the human."