The Evolution Of Social Engineering And Phishing In The Age Of Artificial Intelligence

Imagine this: A world where a well-known casino resort, a beacon of entertainment and luxury, became the latest prey for the dark art of social engineering. On September 11, 2023, a digital heist unfolded, stripping away layers of security to reveal the fragile core of personal data. An unauthorized third party obtained sensitive customer information, including names, contact details, and in some cases, social security and passport numbers.¹ This is not fiction; it’s the chilling reality of social engineering and phishing in the AI era.

This real-life incident highlights not only the vulnerability of individuals, but also that of the largest organizations. It is a sobering reminder that, in the age of digital technology, even seemingly innocuous emails can pose serious threats.

The Evolution Of Deception

Social engineering has always been about exploiting human psychology. In its early days, it involved tactics like impersonation or dumpster diving to gather sensitive information. Phishing, the act of deceiving someone into disclosing confidential information, remains a significant issue in cybersecurity.

How AI Is Evolving Social Engineering And Phishing

As we have become more aware of the warning signs of these scams, the bad actors have upped their game by using AI. The days of poorly written emails with grammatical errors are long gone; instead, phishing attempts nowadays are smart, targeted and frighteningly convincing.

1. Spear phishing with AI: While phishing typically involves mass emails meant to trick recipients into divulging sensitive information, spear phishing is a more insidious variant, targeting specific individuals with tailored messages. AI amplifies the threat by enabling cybercriminals to personalize these attacks on a large scale, using data mined from online activities to craft convincing deceptions that are much harder to detect and resist.
2. Deepfakes: AI-generated deepfakes can create realistic images or videos of trusted figures, such as executives or celebrities, making it harder for individuals to distinguish between real and fake requests.²
3. AI-powered chatbots: Modern chatbots can engage with multiple targets simultaneously, initiating conversations that can lead to the disclosure of sensitive information or the clicking of malicious links.
4. Voice cloning: Advanced voice cloning technologies allow for realistic voice phishing (i.e., vishing) attacks, tricking victims into believing they are speaking with a trusted individual.²

AI algorithms, fueled by machine learning, have turned social engineering and phishing into a highly personalized attack. These systems may create messages that imitate the tone, style and content of genuine communications by analyzing vast amounts of data. They can impersonate colleagues, superiors or trusted organizations with alarming accuracy, making it increasingly difficult to discern real from fake.

The Cost Of Convincing Lies

The stakes are high. Millions of dollars can be lost in a single successful phishing attack. In 2023, phishing attacks were one of the top vectors in cybercrime, resulting in an average breach cost of $4.76 million USD.³ The use of generative AI has made it easier for attackers to bypass the defenses of even the most cautious employees.

Defending Against AI-Powered Attacks

For growing organizations, the threat of AI-enhanced phishing scams is not just a nuisance—it’s a direct challenge to their operational integrity. These organizations often find themselves in a precarious position. They possess significant assets worth protecting, yet may lack the comprehensive security infrastructure of larger corporations. Organizations must invest in security awareness training, implement robust cybersecurity measures, and stay abreast of the latest AI developments to anticipate and counteract these threats.

How Lumen Can Help

Our security capabilities are designed to provide comprehensive defense against the evolving landscape of cyberthreats, particularly those enhanced by AI, such as sophisticated phishing attacks. Lumen^® Professional Security Services include expert advice and assistance to businesses in identifying vulnerabilities, formulating security strategies and deploying the necessary technologies to defend against advanced threats. Our certified in-house experts and engineers can provide a suite of services, including risk and compliance management, vulnerability management, and penetration testing to secure your critical applications and confidential data.

Discover how your organization can lead with security and find out how to cultivate an environment where predictability, reliability and innovation thrive.

Ready to help protect your business from cyberthreats?

LEARN MORE 

¹MGM Resorts International, MGM Resorts Update on Recent Cybersecurity Issue, Oct. 5, 2023.
²Forbes, How AI Is Changing Social Engineering Forever, May 26, 2023.
³IBM, Cost of a Data Breach Report 2023, July 2023.
⁴Harvard Business Review, AI Will Increase the Quantity—and Quality—of Phishing Scams, May 30, 2024.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue.