Intelligent CISO Issue 79 | Page 38

Commercial LLM tools like ChatGPT can now be used to quickly write personalised and perfectly written phishing emails, free of the typos, grammatical errors and unnatural language that once characterised these attacks. By weaponising Generative AI tools, threat actors have made it even harder for both humans and traditional email security systems to detect malicious intent.
Leveraging AI isn’t the only way that cybercriminals are improving their efficiency. There has also been a rise in Phishing-as-a-Service (PhaaS), where cybercriminal groups offer subscription-based services that make launching phishing campaigns easier and more cost-effective for other threat actors.
Just as businesses might outsource their email marketing, this commodification of phishing has lowered the barriers to entry, enabling even less skilled attackers to execute successful campaigns with minimal effort.
The consumerisation of SaaS has been an asset to the criminal world, where attackers can exploit free trials and freemium models to launch these kinds of attacks without exposing their true identities.
In addition, Vendor Email Compromise (VEC) attacks have also surged. Recent data from Abnormal Security reveals that 89% of organisations have encountered a VEC attack in the past year. These social engineering attacks exploit trusted relationships within supply chains, where attackers spoof or compromise a vendor’s email account to impersonate them and target other businesses.
This strategy is particularly effective because it leverages the pre-existing trust between the target and their vendor, making email attacks unlikely to raise alarms. While organisations may be confident in their own security, in reality, they may only be as secure as their weakest vendor.
Defensive strategies are keeping up
Many of these attack tactics have evolved specifically to counter mainstay email defences such as