Generative AI Fuels Over 300% Spike in Malicious Emails: Report

In a troubling development for cybersecurity experts, the last six months have seen a staggering 341 percent increase in malicious emails. These include a significant rise in phishing, Business Email Compromise (BEC), and other message-based attacks, driven largely by the rapid expansion of generative AI. The findings, part of the latest State of Phishing Report from SlashNext, underscore the growing threat posed by advanced AI technologies in the realm of cybercrime. The report highlights the alarming trend since the launch of OpenAI's ChatGPT in November 2022, which has seen a 4,151 percent surge in malicious emails.

One of the most concerning aspects of this increase is the rise in credential harvesting phishing attacks, which has jumped by 217 percent over the same period. Business Email Compromise attacks have also seen a notable 29 percent uptick. Mobile phones have emerged as a particularly vulnerable channel, with 45 percent of all mobile threats now reported as SMS smishing attacks. These statistics paint a grim picture for organizations trying to safeguard their digital assets, as mobile devices become an increasingly common target for cybercriminals.

"Humans have always been the weakest link in any organization's security chain," says Patrick Harr, CEO of SlashNext. "There’s a reason why threat actors continue to refine tactics like phishing, which have been around for decades—they are highly effective." According to Verizon's 2024 Data Breach Investigations Report, the human element remains a critical vulnerability. Alarmingly, it now takes a median time of only 21 seconds for a user to click on a malicious link and just another 28 seconds to enter their personal data. Harr notes that generative AI tools are being exploited to craft highly convincing messages, dramatically increasing both the speed and volume of these attacks with minimal cost.

Another emerging threat is the rise of CAPTCHA-based attacks, particularly those using CloudFlare. Cybercriminals are creating thousands of domains and implementing CloudFlare’s CAPTCHA to hide credential phishing forms from security protocols that can’t bypass these obstacles. This tactic allows attackers to mask their malicious intent more effectively, complicating efforts to detect and prevent these phishing attempts. The use of CAPTCHA essentially serves as a smokescreen, making it harder for automated systems to flag and block malicious content.

The dramatic increase in phishing and other harmful email attacks highlights the necessity for increased alertness and improved security strategies. Organizations must consistently update their employees on the newest phishing techniques and strengthen their cybersecurity measures to keep up with the advancing threats. With the progression of generative AI, it is essential for both individuals and companies to stay ahead of cyber attackers. Investing in state-of-the-art threat detection technologies and fostering a culture of cybersecurity awareness can greatly mitigate these risks. The conflict between cybercriminals and cybersecurity professionals is ongoing, and remaining knowledgeable is the foremost defense.