The New Generation of Phishing
Phishing has consistently been the most accessible form of cybercrime. What used to be badly written emails from a “Nigerian prince” asking for urgent help has evolved into sophisticated, personalized attacks. With generative AI today, phishing is much more difficult to detect; it appears as a legitimate email from your bank, a legitimate email from your boss, or even a legitimate email from your lawyer.
AI enables criminals to generate perfect grammar, perfect formatting, and contextually informed language that mimics the writing style of trusted senders. There are no typos, no forced transitions; a smoothly constructed message with a request that is believable enough to ignore the frailty of human instincts.
Bezalel Eithan Raviv, CEO of Lionsgate Network:
“The grammar errors are gone. AI makes scam emails read like your lawyer wrote them. Old instincts won’t save you anymore.”
Case Study: AI-Powered Phishing in Action
In 2023, a U.S. healthcare business reported a phishing attack that involved an attacker who had utilized ChatGPT-like text to impersonate the CFO of the organization. The e-mail noted actual ongoing projects (likely scraped from LinkedIn and press releases) and requested a transfer of $1.2 million to a “partner vendor.” The e-mail was so convincing to even the organization’s finance director, who initially approved the request.
In Europe, banks have faced AI-personalized spear-phishing campaigns. Criminals mined LinkedIn profiles, learned employee roles, and then used AI to create legitimate-seeming emails that were targeted to those roles. Employees received emails appearing like periodic updates related to projects from their supervisors, complete with the jargon and corporate tone. The end result was compromised credentials, compromised systems, and illegitimate wire transfers.
Why AI Phishing Is More Dangerous Than Ever
AI phishing differs from traditional phishing in the following ways:
- Scalable – Cybercriminals can produce thousands of original and convincing emails almost instantaneously.
- Personalized – AI can scour social media sites, corporate biographies, and press releases to produce custom messages.
- Adaptive – Cybercriminals can instantly change wording to get around spam traps or detection failures.
- Multilingual – AI can write copious amounts of text in any targeted language, which can expand the attack surface globally.
Raviv:
“Phishing used to be a numbers game. Today it’s a sniper rifle: one email, one target, one payday.”
The Victim’s Side: Financial and Emotional Loss
For victims, AI phishing attacks typically mean losing company funds:
- Employees allow an unauthorized transfer of funds to a fraudulent bank account.
- People surrender credentials for online banking and lose their savings overnight.
- Businesses having invoices hijacked, causing the payment to be sent to fraudsters instead of the vendor.
Beyond finances, there is the mental impact of shame, damaged reputations, and loss of trust in organizations. There’s a tendency for victims to think they “should have seen this coming,” but with the way AI can work with precision, even the most prudent professional will still be taken advantage of.
This mirrors what we often see in the world of cryptocurrency fraud. Victims searching for crypto scam recovery are particularly vulnerable, and sadly, some fall prey to a crypto recovery scam, where fake services promise to get stolen funds back but disappear after taking more money. Choosing legitimate crypto recovery services is as critical as detecting phishing itself.
How to Defend Against AI Phishing
The good news: there are defenses. Companies and individuals can adapt to this new era with layered protections.
- Multi-factor identification: This can obstruct unauthorized logins even if adoptive keys are compromised.
- Out-of-band verification: Always verify high-value requests on a second channel (phone call, internal system).
- Employee Training: Phishing drills should include AI-style messages that look authentic.
- Email Security Tools: Invest in anomaly detection systems that look at behavior, not just content.
- Culture of Verification: Encourage staff to question suspicious requests, even if they appear to come from the CEO.
Raviv:
“The strongest firewall isn’t software; it’s a culture where people feel safe saying, ‘Wait, let me double-check that.’”
Closing Thoughts
AI phishing involves attacks, both narrow and broad, directly infiltrating trust at every level of existence, from the boardroom of corporations to the kitchen of a general household.
Phishing will adapt any time there is improvement in AI. The only real defense is to be aware and validate anything done out of urgency; the fact is urgency must be validated. Lionsgate has had experience both watching the destruction of these attacks and seeing how simple they can be to prevent once an organization/individual implements better practices.
Like phishing, vigilance is equally critical in the crypto space. As an example, the victim of a crypto recovery scam may be better served seeking trustworthy crypto recovery services rather than falling victim to a recovery scam. Regardless if you’re protecting your inbox or recovering your funds, the moral is prevention and validation are your strongest lines of defense against modern crime.
