Generative AI Results In 1760% Increase in BEC Attacks

Phishing Generative AIAs cybercriminals leverage tools like generative AI, making attacks easier to execute and with a higher degree of success, phishing attacks continues to increase in frequency.

I’ve been covering the cybercrime economy’s use of AI since it started.

I’ve pointed out the simple misuse of ChatGPT when it launched, the creation of AI-based cybercrime platforms like FraudGPT, and how today’s cybercriminal can basically create foolproof malicious content. Now we’re seeing the fruits of that labor.

According to cybersecurity vendor Perception Point’s 2024 Annual Report: Cybersecurity Trends & Insights, phishing attacks represent 70.8% of all advanced attacks via email (business email compromise or BEC) and 79,8% of web browser-based attacks.

But the interesting caveat is how all of these attacks have been “enhanced” (as Perception Point puts it) by generative AI.  According to their analysis, only 1% of attacks in 2022 utilized GenAI. But that number last year jumped to 18.6% - a 1760% increase!

I expect that number to continue to jump this year and, potentially, just as large an increase, given the popularity of GenAI and the increasing preponderance of maliciously-intended AI-based platforms.

But in the end, much of the output of AI in these circumstances is just really good phishing emails. So, it becomes that much more imperative that employees be enrolled in new-school security awareness training so they can interact with every email with a sense of vigilance and scrutiny, helping to reduce the likelihood of a successful phishing attack.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews