How AI and machine learning are changing the phishing game

Bad actors have learned: The more data they’re able to harvest about you, the more likely they’ll be able to successfully phish you. Which is probably why this attack vector has never been more popular.

Proofpoint’s 2022 State of the Phish report revealed that 83% of organizations suffered a successful email-based phishing attack in 2021, a 46% increase compared to 2020. Seventy-eight percent of companies faced a ransomware attack that was propagated from a phishing email, while 86% of businesses experienced bulk phishing attacks and 77% sustained business email compromise (BEC) attacks.

Global phishing attacks climbed 29% over the past 12 months to a record 873.9 million attacks, according to the latest Zscaler ThreatLabz Phishing Report, and there was a record number of phishing attacks (1,025,968) in the first quarter of 2022, per the Phishing Activity Trends report from the Anti-Phishing Working Group (APWG). But things are getting even more complicated.

Scammers are now taking and ingesting every bit of breached data found on the internet and combining it with artificial intelligence (AI) to target and attack users. This practice has some of the largest companies in the world more worried than ever before as the level of sophistication in phishing attempts grows. The scary part? There’s an increase in successful phishing and ransomware payouts, and the AI being used isn’t even that smart yet.