AI is making phishing attacks personalised and smarter

Question

AI is making phishing attacks personalised and smarter

Nikhilesh TayalLeader posted Sep 2, 2025 Originally published at www.linkedin.com 1 min read

For Example:

Traditional Phishing: “Dear Customer, your bank account is locked. Click here to reset.”

Targeted phishing: “Hi Nikhilesh, this is Rahul from Winsaga Edutech’s partner team. Here’s the updated contract you requested yesterday, please review and sign.” (actually a malware link)

This isn’t random spam.

Hackers are now using AI to:

Scan your digital footprint (LinkedIn posts, company websites, even old resumes)

Craft emails that sound like they were written for you

Bypass the usual “red flag” checks we rely on

And it doesn’t stop there.

A North Korea–linked group, Famous Chollima, reportedly used AI-based voice and video tools to pass job interviews, hiding their true identity while gaining insider access.

Attacks are no longer “spray and pray.”

They’re tailored to you, your role, and your context, making them harder to spot and easier to fall for.

The question is - are your defences ready for that level of sophistication and personalisation?

chevron_left

Commenters (This Week)

Contribute meaningful comments to climb the leaderboard and earn badges!

Ben Kiehlverified · Answer 1 · 2025-09-03T11:09:29+0000

Important read, thanks for sharing. Do you think AI-driven phishing will soon make traditional email filters obsolete, or can cybersecurity tools keep up with this level of personalization?

Nikhilesh Tayal · Answer 2 · 2025-09-03T12:30:09+0000

The key is AI vs AI: smarter, context-aware defenses to keep up with personalised attacks.

Tom Smithverified · Answer 3 · 2025-09-03T14:19:04+0000

Based on my conversations at Black Hat 2025, this article captures a critical trend that security leaders are grappling with right now. The shift from "spray and pray" to hyper-targeted attacks is real and accelerating.

What stood out from my discussions with experts like Jim Dolce from Lookout is that AI isn't just making phishing more personalized—it's expanding the attack surface beyond email. His team demonstrated how they created a convincing voice phishing attack in just 15 minutes using AI. The synthetic voice was so realistic that even his wife couldn't distinguish it from his real voice.

The Famous Chollima example you mentioned aligns with intelligence I heard from Cristian Rodriguez at CrowdStrike. Their research shows this North Korean group has infiltrated over 320 companies—a 220% increase—using AI-generated résumés and deepfake technology in video interviews. They've become what Rodriguez calls "the most GenAI-proficient adversary."

But here's what the article doesn't capture: defenders actually have some advantages in this AI arms race. Ryan Fetterman from Splunk showed how they're using AI for "model-in-the-loop threat hunting," achieving 80% accuracy in detecting malicious PowerShell scripts while reducing analysis time from five minutes to two seconds.

The real challenge isn't just recognizing sophisticated phishing—it's that organizations can no longer train their way around these attacks. As Dolce pointed out, "You cannot train your way around an AI-generated exploit. The AI-generated exploit is way too smart."

The defense now requires AI-powered solutions that can analyze communication patterns in real-time. Lookout's approach achieves 98% accuracy by asking AI models to evaluate whether messages are legitimate, matching the sophistication of AI-powered attacks with AI-powered defenses.

The question isn't whether your defenses are ready—it's whether you're fighting AI with AI.

Dilip Kumar · Answer 4 · 2025-09-18T06:16:02+0000

Dilip Kumar • Sep 18, 2025

AI scams are real!

Nikhilesh Tayal · Answer 5 · 2025-09-18T11:34:32+0000

Nikhilesh Tayal • Sep 18, 2025

Yes, more than real!

	I’m a Senior Dev and I’ve Forgotten How to Think Without a Prompt Karol Modelskiverified - Mar 19
	Agent Action Guard praneeth - Mar 31
	AI Reliability Gap: Why Large Language Models are not for Safety-Critical Systems praneeth - Mar 31
	AI Agents Don't Have Identities. That's Everyone's Problem. Tom Smithverified - Mar 13
	Defending Against AI Worms: Securing Multi-Agent Systems from Self-Replicating Prompts alessandro_pignati - Apr 2

AI is making phishing attacks personalised and smarter

0 Comments

Please log in to add a comment.

Please log in to add a comment.

Please log in to add a comment.

Please log in to add a comment.

Please log in to add a comment.

Please log in to comment on this post.

More Posts

I’m a Senior Dev and I’ve Forgotten How to Think Without a Prompt

Agent Action Guard

AI Reliability Gap: Why Large Language Models are not for Safety-Critical Systems

AI Agents Don't Have Identities. That's Everyone's Problem.

Defending Against AI Worms: Securing Multi-Agent Systems from Self-Replicating Prompts

More From Nikhilesh Tayal

Physics might be entering its own “LLM moment.”

AI Agent logs into humanity:

Is AI giving more power to hackers/ attackers than to developers?

Related Jobs

Commenters (This Week)

Welcome to Coder Legion

Connect with 4,039 amazing developers

Don't have an account? Sign up

OR

AI is making phishing attacks personalised and smarter

0 Comments

Please log in to add a comment.

Please log in to add a comment.

Please log in to add a comment.

Please log in to add a comment.

Please log in to add a comment.

Please log in to comment on this post.

More Posts

More From Nikhilesh Tayal

Related Jobs

Commenters (This Week)