A recent study of over 53,000 email users in over 100 countries found that human social engineers outperform AI in inducing clicks on malicious links. The ratio between success rates of phishing emails created by humans and ChatGPT was significant, with human “red teamers” inducing a 4.2% click rate versus a 2.9% click rate by ChatGPT. This means that humans are 69% more successful than AI in convincing other humans to do something. The study highlights the importance of human expertise in the fight against malicious phishing activity, and the potential for AI to be used for malicious phishing activity.
A new study has revealed that AI-generated phishing attacks are becoming increasingly sophisticated and effective. Experienced users of security awareness and behavior change programs are better protected against these attacks, with failure rates dropping from over 14% to between 2% and 4%. The study also found that AI does create opportunities for both attackers and defenders and that attackers are already using AI to launch phishing attacks. To protect against these attacks, users should ensure they are well-trained in security awareness and behavior change programs.
A new study from Tanium Inc. has found that Artificial Intelligence (AI) is increasingly being used by cybercriminals to create more sophisticated phishing lures. AI-generated lures are more personalized and efficient, making them harder to detect and more likely to succeed. To combat this, the study recommends that organizations implement a dynamic security awareness and behavior change training that is regularly updated to keep up with the evolving threat landscape. Melissa Bischoping, director of Endpoint Security Research at Tanium Inc., emphasizes that while AI presents new opportunities for cybercriminals, the protections against such attacks remain essentially unchanged. Organizations should therefore focus on implementing comprehensive security awareness and behavior change training to stay ahead of the threat.
As cybercriminals become more sophisticated, organizations must update their awareness training programs to keep up. AI-driven phishing, smishing, and vishing tactics are becoming increasingly common, making it easier for threat actors to craft highly customized and convincing lures. To protect against these threats, organizations should create a “think before you click” culture by educating employees on the latest technologies and trends in phishing, smishing, and vishing. By doing so, organizations can ensure their employees are vigilant and aware of the potential risks associated with clicking on suspicious links or attachments.
Hoxhunt’s co-founder and CEO, Mika Aalto, has revealed the results of a study that shows effective security awareness and behavior change programs can protect against AI-augmented phishing attacks. Aalto recommends that organizations focus on their people and their email behavior, embedding security as a shared responsibility throughout the organization with ongoing training and rewards for reporting threats. This will help to make human threat detection a habit and ensure that organizations are better protected against malicious AI-augmented attacks.
