The changing face of phishing

Oliver Paterson at VIPRE Security Group describes the evolving phishing techniques that organisations need to counter in an evolving AI-powered threat environment

 

Phishing is on the rise. An analysis of over seven billion emails (real-world traffic) in 2024 shows that phishing is at the top of cyber-criminals’ security breach tactics food chain. Of all the phishing methods, cyber-criminals deployed malicious links (70%) the most in phishing attempts.

 

Additionally, URL redirection emerged as the dominant phishing tactic, accounting for 51% of all phishing attempts. There’s a reason for this preference amongst cyber-criminals. The URL redirection ploy can employ trusted sites. Once a user clicks, they are forced onto a compromised site, where they are likely to offer their credentials or even enter confidential information.  

 

The prognosis for phishing in 2025 is that it shows no signs of reducing. Making matters worse, AI-powered phishing and social engineering attacks pose an escalating threat, as cyber-criminals are now harnessing automation to launch sophisticated campaigns at scale. This technological shift makes attacks both more efficient to execute and significantly harder to detect, leaving individuals and organisations increasingly vulnerable.

 

Thanks to AI, phishing emails have evolved beyond traditional red flags like spelling errors, generic greetings, and low-quality branding – making these once-reliable warning signs obsolete for detecting malicious messages.

 

Advancing sophistication of AI-led phishing 

Here are some ways in which phishing techniques are evolving, strengthened by AI: 

 

Real-time, contextual phishing is becoming increasingly sophisticated. Criminals are leveraging AI to generate messages that align with current events, industry trends, and local happenings, making their deceptive communications appear authentic, credible, and trustworthy.

 

Conversational phishing is evolving rapidly. Advanced language models now enable cyber-criminals to deploy intelligent chatbots for phishing attacks. These chatbots can craft dynamic, personalised interactions that adapt in real-time to victim responses, making fraudulent conversations highly nuanced and increasingly difficult to distinguish from legitimate ones.

 

Synthetic media has reached new levels of sophistication. Attackers are now producing highly convincing video deepfakes that resist detection. Voice cloning technology has similarly advanced, requiring only very brief audio samples to create persuasive voice imitations. These manoeuvres are enabling criminals to manipulate victims into financial fraud and data disclosure. 

 

Behavioural targeting and hyper-personalisation are becoming refined. Criminals are employing AI-powered analytics to craft precisely targeted phishing attacks that leverage victims’ digital footprint and recent behaviours – from shopping patterns to social media activity. These exceedingly customised and personalised deceptive messages present significant detection challenges.

 

Fake AI-generated social media personas are proliferating across social platforms. These sophisticated fake accounts mimic authentic users, enabling criminals to build long-term relationships with potential victims and establish credibility before launching attacks.

 

AI-enhanced malicious websites and links represent a growing success area for cyber-criminals. These fraudulent sites are virtually indistinguishable from legitimate ones and easily bypass traditional security and detection measures. Current detection tools struggle to identify these sophisticated imitations, leading to increased success rates for attackers.

 

Adaptive, dynamic phishing stands as perhaps the most elusive threat. Criminals are using AI-powered systems to monitor and adjust their tactics based on victim engagement patterns in real-time. By analysing response timing, communication styles, and expressed doubts, they are dynamically modifying their approach when interacting with victims to maximise success rates.

 

Phishing-turned-ransomware attacks are gradually becoming more prevalent. These ‘essentially’ phishing attacks incorporate AI to identify and exploit vulnerabilities faster, potentially combining data theft with ransomware demands.

 

AI-powered deception

Phishing attacks, which are rooted in social engineering deception, are evolving dramatically with AI, rendering conventional defences obsolete. The human element, traditionally considered the strongest security barrier, is increasingly becoming more vulnerable as established anti-phishing training is proving inadequate against sophisticated AI-generated deception.

 

There’s a critical vulnerability in current email defence mechanisms too. For instance, standard email security features embedded in popular platforms are unable to differentiate between legitimate communications and AI-crafted phishing attempts. 

 

Today, the fundamental issue lies in the outdated nature of current anti-phishing strategies deployed by organisations to confront AI-enhanced threats. Traditional security measures, such as data loss prevention notifications and spam filters, operate on a reactive basis, only responding once threats are detected.

 

These conventional approaches lack the sophisticated, real-time detection capabilities necessary to counter the dynamic and evolving nature of AI-based phishing campaigns, leaving organisations dangerously exposed to sophisticated attacks.

 

Advanced threats need advanced tools

Effectively countering AI-powered phishing attacks requires a comprehensive defence framework that combines human awareness with technological innovation. Security awareness and education remains vital, but they must incorporate practical training that simulates contemporary AI-driven threats. Employees need hands-on experience to identify sophisticated deception tactics and understand how sensitive business information can be compromised through the various coercion methods that cyber-criminals are using today. 

 

Technology solutions, of course, serve as a critical defensive foundation. Data loss awareness tools are needed to complement traditional prevention measures such as data loss prevention solutions. These systems provide proactive alerts to employees when they encounter potentially dangerous emails, deepfakes, synthetic media, or chat interactions.

 

Additionally, implementing robust email threat protection solutions featuring attachment sandboxing and remote browser isolation can help contain malware and viruses commonly embedded in phishing attempts through emails, links, attachments, and QR codes.

 

Organisations must harness AI’s capabilities for defence, using it to detect and counter sophisticated threats alongside other important and already well-established security measures such as multi-factor authentication, independent verification protocols, and continuous monitoring.

 

This technological approach must be anchored in a zero-trust philosophy, where every communication is treated with scepticism and requires verification, regardless of its apparent legitimacy.

 

This multi-layered security strategy presents the strongest defence against criminals who are relentlessly weaponising existing and emerging technologies for deception and manipulation.

 

By combining enhanced human awareness, advanced technological tools, and AI-powered countermeasures within a zero-trust framework, enterprises can better protect themselves against attacks aimed at financial exploitation and business disruption. 

 

---

 

Oliver Paterson, Director of Product Management, VIPRE Security Group

 

Main image courtesy of iStockPhoto.com and Just_Super