menu

AI is making phishing attacks personalised and smarter

Leader posted Originally published at www.linkedin.com 1 min read

For Example:

Traditional Phishing: “Dear Customer, your bank account is locked. Click here to reset.”

Targeted phishing: “Hi Nikhilesh, this is Rahul from Winsaga Edutech’s partner team. Here’s the updated contract you requested yesterday, please review and sign.” (actually a malware link)

This isn’t random spam.

Hackers are now using AI to:

Scan your digital footprint (LinkedIn posts, company websites, even old resumes)

Craft emails that sound like they were written for you

Bypass the usual “red flag” checks we rely on

And it doesn’t stop there.

A North Korea–linked group, Famous Chollima, reportedly used AI-based voice and video tools to pass job interviews, hiding their true identity while gaining insider access.

Attacks are no longer “spray and pray.”

They’re tailored to you, your role, and your context, making them harder to spot and easier to fall for.

The question is - are your defences ready for that level of sophistication and personalisation?

If you read this far, tweet to the author to show them you care. Tweet a Thanks

Important read, thanks for sharing. Do you think AI-driven phishing will soon make traditional email filters obsolete, or can cybersecurity tools keep up with this level of personalization?

0 votes

The key is AI vs AI: smarter, context-aware defenses to keep up with personalised attacks.

0 votes

Based on my conversations at Black Hat 2025, this article captures a critical trend that security leaders are grappling with right now. The shift from "spray and pray" to hyper-targeted attacks is real and accelerating.

What stood out from my discussions with experts like Jim Dolce from Lookout is that AI isn't just making phishing more personalized—it's expanding the attack surface beyond email. His team demonstrated how they created a convincing voice phishing attack in just 15 minutes using AI. The synthetic voice was so realistic that even his wife couldn't distinguish it from his real voice.

The Famous Chollima example you mentioned aligns with intelligence I heard from Cristian Rodriguez at CrowdStrike. Their research shows this North Korean group has infiltrated over 320 companies—a 220% increase—using AI-generated résumés and deepfake technology in video interviews. They've become what Rodriguez calls "the most GenAI-proficient adversary."

But here's what the article doesn't capture: defenders actually have some advantages in this AI arms race. Ryan Fetterman from Splunk showed how they're using AI for "model-in-the-loop threat hunting," achieving 80% accuracy in detecting malicious PowerShell scripts while reducing analysis time from five minutes to two seconds.

The real challenge isn't just recognizing sophisticated phishing—it's that organizations can no longer train their way around these attacks. As Dolce pointed out, "You cannot train your way around an AI-generated exploit. The AI-generated exploit is way too smart."

The defense now requires AI-powered solutions that can analyze communication patterns in real-time. Lookout's approach achieves 98% accuracy by asking AI models to evaluate whether messages are legitimate, matching the sophistication of AI-powered attacks with AI-powered defenses.

The question isn't whether your defenses are ready—it's whether you're fighting AI with AI.

0 votes

AI scams are real!

0 votes

Yes, more than real!

0 votes

More Posts

Your best developer could be a security risk, and AI is making threats harder to detect.

Tom Smith - Aug 19

Microsoft Agent Framework Series: Create Your First AI Agent in C# & AZ Open AI

TheCodeStreet - Oct 14

AutoReviewer AI – Daily Digest for AI Researchers using Runner H

Rahul Bhave - Jul 12

How I Built PromptBank: The AI-Powered Bank That Lets You Yell at Your Money (And It Listens)

Fred - Oct 17

The Future of AI Automation in the Military: Warfare by 2030

Fred - Oct 4
chevron_left