
How the advancement in AI is also aiding cybercriminals

Artificial intelligence (AI) is already impacting and improving many industries, enabling businesses to streamline their processes, analyse upcoming trends, forecast growth, and improve decision making, to name a few.

And yet, it’s also giving cybercriminals an opportunity to deploy highly convincing tactics, including the creation of deceptive websites, fraudulent social media profiles, AI-powered scam bots and sophisticated phishing attacks on individuals and organisations.

AI goes phishing

Traditionally, many phishing emails have been relatively easy to spot, often with grammatical errors, suspicious sender addresses, or generic content. However, AI has provided criminals with the ability to craft highly convincing messages tailored to specific targets, making them significantly more challenging to identify.

· Spear Phishing

Spear phishing is a highly targeted form of phishing that involves sending personalised messages to specific individuals. AI can be used to automate the process of collecting information about a target—such as their social media activity, online behaviour and personal interests. This information can then be used to create legitimate-looking messages that are more likely to convince the victim to take the desired action—such as clicking on a link or providing sensitive information.

· Deepfakes

Deepfakes are realistic videos or images created using AI that can be used to impersonate someone else. Scammers can use deepfakes to create videos or images of individuals to trick people into thinking that they are communicating with a genuine source. This could be used to carry out a variety of scams—such as duping victims into transferring money or sharing business-critical details.

· Chatbots

AI-powered chatbots can be especially effective for cybercriminals. Chatbots allow them to engage with many targets at one time, reaching more people than traditional phishing methods. Additionally, chatbots can be programmed to initiate conversations with people in the hope they will divulge sensitive information or click on malicious links. Chatbots can also be programmed to learn from previous interactions and become more sophisticated over time, making them harder to detect.

Case study

The following case study is one example of this highly sophisticated type of attack. Although it affected a much larger company, it demonstrates the level of advancement cybercriminals are making and shows that, no matter what size your business is, your digital security is at risk.

It was recently reported that a finance worker in Hong Kong fell victim to a sophisticated £20 million scam, orchestrated through a fake video call that featured artificial intelligence-generated images of his colleagues. Reports suggest that the fraudsters manipulated the worker into making the transfer through 15 transactions across five bank accounts, after deceiving him with a fake email and confirming their request in a video call populated entirely by AI-generated impostors of his co-workers, including his UK-based chief financial officer.

With criminals upping their game it is more important than ever to be vigilant against these types of attacks. There are plenty of positive benefits from the development of AI, but to prevent us falling victim to criminals misusing it we need to adopt a proactive and multi-layered approach to cyber security, ensuring we look to mitigate the risks posed by these sophisticated attacks and safeguard sensitive data and assets.

What can businesses do?

1. Invest in employee training. This isn’t just for managers, but for all those in an organisation – let’s make individuals within our businesses or charities our strongest asset. Educating everyone about the tell-tale signs of phishing emails, such as suspicious sender addresses, unexpected attachments, and requests for sensitive information or large transfers of money, is crucial.

2. Implementing multi-factor authentication (MFA) adds an extra layer of security by requiring multiple forms of verification before someone can access your accounts or systems.

3. Ensure software, operating systems and applications are kept up to date (known as patching). This removes vulnerabilities and weaknesses that could be exploited by cybercriminals.

4. Monitor network traffic: Network monitoring solutions can help detect potential phishing attacks. If you have a commercial firewall you may wish to learn more about Police Cyber Alarm.

5. Share information on these attacks. By reporting to law enforcement, intelligence insights can be shared with the wider business community helping them better prepare and defend against potential attacks.
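The tell-tale signs listed in step 1 can also be checked automatically. Because AI-written messages no longer give themselves away through poor grammar, the sketch below looks only at signs that polished wording cannot hide: the sender's domain, a diverging Reply-To address, an attachment, and a request for money or credentials. It is an added example, not part of the original article; the trusted domain, keyword list, function names and sample messages are all constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.org"  # assumption: the organisation's own mail domain
REQUEST_WORDS = ("transfer", "payment", "bank details", "password")  # assumed list

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def triage(raw_email):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw_email, policy=policy.default)
    flags = []
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"])
    if from_domain != TRUSTED_DOMAIN:
        flags.append("external-sender")       # suspicious sender address
    if reply_domain and reply_domain != from_domain:
        flags.append("reply-to-differs")      # replies go somewhere else
    if any(True for _ in msg.iter_attachments()):
        flags.append("has-attachment")        # a person decides if it was expected
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(word in text for word in REQUEST_WORDS):
        flags.append("sensitive-request")     # money or credentials requested
    return flags

def make_sample(sender, body, reply_to=None, attach=False):
    """Build a constructed test message; not real mail."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "finance@example.org", "Request"
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content(body)
    if attach:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename="details.pdf")
    return m.as_string()

SUSPICIOUS = make_sample("Chief Financial Officer <cfo@lookalike.example>",
                         "Please make the transfer today and keep this confidential.",
                         reply_to="accounts@other.example", attach=True)
BENIGN = make_sample("Colleague <colleague@example.org>",
                     "The agenda for Monday is on the shared drive.")

if __name__ == "__main__":
    print(triage(SUSPICIOUS))
    print(triage(BENIGN))
```

A flagged message is a prompt to verify the request through a separate, known channel, not proof of fraud; legitimate external mail will also raise some of these flags.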

To learn more about the WCRC head to our membership and services pages where you can access a range of cyber security training programmes and additional support.




The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.
