AI Will Increase the Quantity — and Quality — of Phishing Scams

How businesses can prepare now.

May 30, 2024

jaap-willem/Getty Images


Post


  • Post


  • Share


  • Annotate


  • Save


  • Print

  • Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts. Companies need to: 1) understand the asymmetrical capabilities of AI-enhanced phishing, 2) determine the company or division’s phishing threat severity level, and 3) confirm their current phishing awareness routines.

    Anyone who has worked at a major organization has likely had to do training on how to spot a phishing attack — the deceptive messages that pretend to be from legitimate sources and aim to trick users into giving away personal information or clicking on harmful links. Phishing emails often exploit sensitive timings and play on a sense of urgency, such as urging the user to update a password. But unfortunately for both companies and employees, gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous.

    New!

    HBR Learning

    Digital Intelligence Course

    Accelerate your career with Harvard ManageMentor®. HBR Learning’s online leadership training helps you hone your skills with courses like Digital Intelligence . Earn badges to share on LinkedIn and your resume. Access more than 40 courses trusted by Fortune 500 companies.

    Excel in a world that’s being continually transformed by technology.

    Start Course

    Learn More & See All Courses


    • FH


      Fredrik Heiding is a research fellow in computer science at Harvard John A. Paulson School of Engineering and Applied Sciences and a teaching fellow for the Generative AI for Business Leaders course at the Harvard Business School. He researches how to mitigate AI-enabled cyberattacks via technical innovations, organizational strategies, and national security policies. Fredrik also works with the World Economic Forum’s Cybercrime Center to improve cybersecurity standards of AI-based cyber defense.


    • Bruce Schneier is an American cryptographer, computer security professional, privacy specialist, and writer. He is a lecturer in public policy at the Harvard Kennedy School and a fellow at the Berkman Klein Center for Internet & Society. He is a board member of the Electronic Frontier Foundation, a special advisor to IBM Security, and the Chief Technology Officer of Resilient. In 2015, Schneier received the EPIC Lifetime Achievement Award from the Electronic Privacy Information Center. He is the author of 14 books.


    • AV


      Arun Vishwanath, PhD, MBA, is a distinguished scholar and practitioner at the forefront of addressing cybersecurity’s “people problem” who has contributed commentary Wired, CNN, and The Washington Post. A former fellow at Harvard University’s Berkman Klein Center, he is the founder of the Cyber Hygiene Academy and serves as a distinguished expert for the NSA’s Science of Security & Privacy directorate. He is the author of the book The Weakest Link, published by MIT Press.


    Post


  • Post


  • Share


  • Annotate


  • Save


  • Print

  • New!

    HBR Learning

    Digital Intelligence Course

    Accelerate your career with Harvard ManageMentor®. HBR Learning’s online leadership training helps you hone your skills with courses like Digital Intelligence . Earn badges to share on LinkedIn and your resume. Access more than 40 courses trusted by Fortune 500 companies.

    Excel in a world that’s being continually transformed by technology.

    Read More

    Fredrik Heiding Bruce Schneier Arun Vishwanath