It’s a busy Monday afternoon, and your workplace is buzzing with unfinished work. You notice an email pop up from your boss and you click on it. It reads: Quickly download the file attached and fill in its contents! Not thinking much of it, you click on the file to download it. Two clicks is all it takes. Two clicks, and your computer has just downloaded malware. Just two clicks. You realize it too late: you were the victim of a phishing attack.
Phishing is a social engineering attack that aims to steal your information. Attackers manipulate people into revealing it through actions such as opening a file or clicking on a link. IBM’s researchers have reported that phishing makes up 15% of data breaches, making companies lose millions. Additionally, now that AI can personalize messages, it is even more difficult to tell the real messages from the fake ones. Malwarebytes noted a high 54% click-through ratio when people saw those AI-generated phishing emails.
Now, let’s move on to the motives. Why do attackers spam emails or target individuals? Attackers do all of that unethical work in order to gain:
1. The Tone of Voice:
With AI able to do reconnaissance (gathering intelligence on your personal background and coworkers from sites such as LinkedIn), emails sound far more personalized and detailed. However, if you know the coworker the AI is posing as, you would know that they would not normally speak like that. Make sure to compare the email with how your coworker normally speaks, because AI’s grammar and spelling are too perfect. AI writes in a way that is too formal and unusual compared to people, so be wary of that.
2. Unanticipated Email:
Receiving an email with strange timing could be a major red flag. For instance, if you got an email where your boss is asking you to download some files about an idea that they previously disagreed with, it is something to pause on. If the email does not match your earlier conversations with that person, it may be AI.
3. A Sense of Urgency:
When the email urgently pushes you to take action, make sure to step back and think carefully. Attackers mainly want to create the feeling that a terrible event will occur if action is not taken. These emotions lead users to click on the links, because their sense of caution disappears when emotion is involved.
4. Strange Response Times:
AI can email people at strange times. Receiving an email from your coworker at 2 AM on a Saturday is quite suspicious. People would normally be off duty and enjoying their lives, and would rather not work at such a late hour. Additionally, AI may send out emails on a schedule. If the replies arrive at 6 o’clock every time, that could be a red flag.
5. Generic Greetings:
AI can send out phishing emails en masse, so it has to use generic greetings that fit every person. For instance, the email may greet a person with “Dear Customer” instead of using the person’s real name.
6. Strange Links
Phishing emails have links that lead to another website. These websites may look authentic; however, their URL may be a bit different. For example, there may be a link to “chasee.com”, which pretends to be Chase bank in order to steal your credentials. Make sure to hover over links before clicking on them to check their authenticity.
7. Irrelevant Emails
Receiving an email that does not match the previous context of what you were chatting about may be a red flag. For example, the AI may pose as someone you know, but say something that is completely irrelevant to what you were discussing two days ago.
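The “Strange Links” check above can be automated on a mail gateway or in a triage script. The following is an added example, not code from the original article: it pulls links out of an email body and flags domains that sit within a couple of typos of a trusted one. The trusted list, the sample email and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains your organisation really deals with (constructed list).
TRUSTED_DOMAINS = ("chase.com", "linkedin.com", "medium.com")
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions of one character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def base_domain(host: str) -> str:
    """Keep the last two labels (assumption: no multi-part TLDs such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_link(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for one URL."""
    domain = base_domain(urlsplit(url).hostname or "")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    closest = min(TRUSTED_DOMAINS, key=lambda good: edit_distance(domain, good))
    if edit_distance(domain, closest) <= max_distance:
        return f"lookalike of {closest}"
    return "unknown"


def scan_email(html: str) -> dict:
    """Map every href found in the email body to its verdict."""
    return {url: classify_link(url) for url in HREF_RE.findall(html)}


# Constructed sample email body, using the article's "chasee.com" example.
SAMPLE = """
<p>Dear Customer, verify your account <a href="https://www.chasee.com/login">here</a>.</p>
<p>Statement: <a href="https://secure.chase.com/statements">view</a></p>
<p>Survey: <a href="https://example.org/survey">open</a></p>
"""

if __name__ == "__main__":
    for url, verdict in scan_email(SAMPLE).items():
        print(f"{verdict:24} {url}")
```

An “unknown” verdict only means the domain is not close to anything on the list, so it still deserves the hover-and-read check described above.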
How Do We Defend Against Phishing Attacks?
Now that we know how to recognize AI powered phishing emails, let’s learn how to protect ourselves.
We must be able to:
I hope you took away valuable insights from this article. Feel free to check out another article I made: