AI phishing attacks are on the rise — Are you prepared?

Picture this: You get a text. You have an unpaid parking ticket that will go to collections soon. If you don’t pay the ticket in the next 24 hours you will be prosecuted. Your heart races and you think “when did this happen?” You quickly click the supplied link and share your credit card information. 

This phishing example will likely sound familiar to you. Whether it was experienced first-hand or by someone you know, phishing attacks are becoming more common than ever. 

• According to the Federal Bureau of Investigations (FBI), the top cybercrime in 2024 was phishing scams, which has only increased in frequency and sophistication since the rise of AI. 

• People try their best to avoid falling for these attacks, but AI-enhanced attacks are harder than ever to detect. In fact, 60% of cybersecurity breaches are now caused by human error (Verizon). 

• At an estimated $4.88M per phishing breach for organizations (Data Breach Report 2024), these attacks are financially devastating to those involved. 

• Since Chatgbt was released in 2022, phishing attacks have increased by 4151% according to a study by SlashNext.

Why it matters: Phishing attacks pose a very real threat to personal and company security, putting finances, reputation, and sensitive information at risk. 

• Stop and think! - Science says a 9 second pause is all you need to think more logically about your reaction. Next time you receive a message that sounds too good to be true, take 9 seconds before clicking on a link or responding.

• Check for red flags - Odd looking links, unnatural movement or speech in videos, misspellings, and heightened sense of urgency can indicate that this is a phishing attack.

• Try a different channel - When you aren’t sure if a message, phone call, or video is an AI phishing attack, contact the supposed sender through a separate trusted channel.

Dive deeper: Learn more about different types of phishing attacks!

While Artificial Intelligence (AI) has opened up new possibilities for productivity, it has also compounded the threats of traditional phishing attacks, putting more people and companies at risk. AI phishing campaigns are now 24% more effective than traditional phishing campaigns operated by humans, due to how quickly high quality AI attacks can be deployed at a low cost (hoxhunt).

Malicious actors running phishing attacks can now leverage the computational power of AI to analyze vast amounts of data across multiple sources to make attacks appear legitimate. AI can quickly scour the internet to find information about its victims, pulling from social media, data brokerage sites, and company resources. AI can then generate content that mimics legitimate communication; a message from a boss about the project you are working on, a phone call from a neighbor about your pet, or a video chat from your grandson asking to be bailed out of jail.

Why it matters: AI makes it much easier for attackers to craft a convincing message, and much harder for recipients to recognize scams, potentially leading to breaches and serious monetary and reputation damage.

Since Chatgbt was released in 2022, phishing attacks have increased by 4151% according to a study by SlashNext. This is no coincidence — AI has enabled malicious actors to scale phishing operations, using AI agents and automations to quickly generate and deploy trustworthy attacks. 

Why it matters: With more frequent instances of AI phishing attacks, there are more opportunities for individuals and organizations to fall for a scam. 

Phishing attacks that employ AI cost less for attackers as they require less time and resources to set up. Research by the Harvard Business Review reports that “the entire phishing process can be automated using LLMs, which reduces the costs of phishing attacks by more than 95% while achieving equal or greater success rates.” 

Why it matters: Affordable AI workflows and solutions are now widely available for use by virtually anyone, making it easier than ever to deploy a successful phishing attack campaign. 

As generative AI continues to grow and evolve, phishing attacks will become even harder to detect. It will be increasingly important to know key identifiers and build a security strategy to protect yourself and your organization from AI-enhanced phishing attacks.

AI-enhanced phishing attacks are more realistic, frequent, and cost-effective than their traditional counterparts, making them a serious and evolving threat to individuals and organizations.

Secure your credentials with Bitwarden and benefit from built in phishing protection including passkey storage, trusted website autofill, and a dedicated website launch button right in the Bitwarden application — protecting your sensitive credentials from being exposed on malicious websites.