According to new IBM research, AI vs. human deceit: Unravelling the new age of phishing tactics, generative AI tools can save phishing attackers 16 hours of work designing a scam email, but it still doesn’t have the human effect for creating convincing emails.
Researchers used five prompts, such as top areas of concern for employees and social engineering techniques, which churned out convincing phishing emails in just 5 minutes.
Meanwhile, the IBM X-Force Red social engineering team created their own phishing emails which tapped “creativity and a dash of psychology” to resonate more authentically with their targets which social engineering expert for IBM X-Force Red, Stephanie Carruthers, claimed is hard for AI to replicate. This process generally takes the IBM X-Force Red team about 16 hours and that’s not factoring in the infrastructure set-up.
A round of A/B testing revealed a 14% click rate for the human-generated phishing email which was slightly higher than the 11% rate of the AI-generated email. Also, the human-generated email was reported less frequently (52%) than the AI version (59%).
“Humans may have narrowly won this match, but AI is constantly improving. As technology advances, we can only expect AI to become more sophisticated and potentially even outperform humans one day,” Carruthers concluded.
Emily Phelps, Director, Cyware had this to say:
“Generative AI is a huge tool for adversaries to expedite common threat tactics such as phishing. Although humans may have the edge for now, AI technologies are improving with each passing day. The time to prepare for these evolving tactics is now. We can no longer rely on poor grammar and typos to clue us in to phishing emails so we must bolster regular security awareness training. Organizations must strengthen security controls to better validate who can access data. As adversaries continuously adapt their tactics, organizations must as well, updating threat detection, improving threat intelligence orchestration, and maintaining vigilance across all levels to defend against today’s threats.”
AI could seriously tip the scales in favour of the bad guys on a number of fronts. Hopefully we heed the warnings that IBM have presented and come up with countermeasures that tip the scales back in our favour.
Like this:
Like Loading...
Related
This entry was posted on October 25, 2023 at 10:23 am and is filed under Commentary with tags IBM. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
IBM Says That Generative AI vs Human Phishing Techniques Save Hackers 16 Hours
According to new IBM research, AI vs. human deceit: Unravelling the new age of phishing tactics, generative AI tools can save phishing attackers 16 hours of work designing a scam email, but it still doesn’t have the human effect for creating convincing emails.
Researchers used five prompts, such as top areas of concern for employees and social engineering techniques, which churned out convincing phishing emails in just 5 minutes.
Meanwhile, the IBM X-Force Red social engineering team created their own phishing emails which tapped “creativity and a dash of psychology” to resonate more authentically with their targets which social engineering expert for IBM X-Force Red, Stephanie Carruthers, claimed is hard for AI to replicate. This process generally takes the IBM X-Force Red team about 16 hours and that’s not factoring in the infrastructure set-up.
A round of A/B testing revealed a 14% click rate for the human-generated phishing email which was slightly higher than the 11% rate of the AI-generated email. Also, the human-generated email was reported less frequently (52%) than the AI version (59%).
“Humans may have narrowly won this match, but AI is constantly improving. As technology advances, we can only expect AI to become more sophisticated and potentially even outperform humans one day,” Carruthers concluded.
Emily Phelps, Director, Cyware had this to say:
“Generative AI is a huge tool for adversaries to expedite common threat tactics such as phishing. Although humans may have the edge for now, AI technologies are improving with each passing day. The time to prepare for these evolving tactics is now. We can no longer rely on poor grammar and typos to clue us in to phishing emails so we must bolster regular security awareness training. Organizations must strengthen security controls to better validate who can access data. As adversaries continuously adapt their tactics, organizations must as well, updating threat detection, improving threat intelligence orchestration, and maintaining vigilance across all levels to defend against today’s threats.”
AI could seriously tip the scales in favour of the bad guys on a number of fronts. Hopefully we heed the warnings that IBM have presented and come up with countermeasures that tip the scales back in our favour.
Share this:
Like this:
Related
This entry was posted on October 25, 2023 at 10:23 am and is filed under Commentary with tags IBM. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.