AI-Generated Phishing Attacks Are Becoming Increasingly Effective At Targeting Executives - 1

Image by Jacky Chiu, from Unsplash

AI-Generated Phishing Attacks Are Becoming Increasingly Effective At Targeting Executives

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Corporate executives are increasingly becoming the targets of sophisticated phishing scams, with AI technology being used to craft hyper-personalized fraudulent emails.

In a Rush? Here are the Quick Facts!

  • AI bots analyze online profiles to scrape personal details for targeted scams.
  • More than 90% of cyberattacks begin with a phishing email, experts say.
  • AI-powered scams can bypass traditional email filters and cybersecurity defenses.

As AI rapidly evolves, cybercriminals are harnessing this fast-developing technology to create attacks that are not only more convincing but also harder to detect.

Leading companies, including British insurer Beazley and e-commerce giant eBay, have issued warnings about a surge in phishing scams that seem to have personal details about executives, as noted today by the Financial Times (FT).

FT notes that these scams are likely fueled by AI’s ability to analyze online profiles and scrape vast amounts of data, which hackers use to build targeted attacks. Additionally, recent research revealed that AI-Generated malwares evade programmer’s detection in 88% of cases .

“This is getting worse and it’s getting very personal, and this is why we suspect AI is behind a lot of it,” said Kirsty Kelly, Beazley’s Chief Information Security Officer, as reported by FT. “We’re starting to see very targeted attacks that have scraped an immense amount of information about a person.”

FT notes that AI’s capacity to process and replicate specific tones and styles is a key factor driving these developments. It can quickly analyze a company’s communication patterns, as well as an individual’s social media activity , to tailor a phishing email that is not only plausible but also relevant to the recipient’s interests or recent activities.

“The availability of generative AI tools lowers the entry threshold for advanced cybercrime,” explained to FT Nadezda Demidova, a cybercrime security researcher at eBay. “We’ve witnessed a growth in the volume of all kinds of cyberattacks, particularly in polished and closely targeted phishing scams.”

The rise in AI-driven attacks is a growing concern, with AI enabling hackers to create “perfect” phishing emails that can bypass traditional cybersecurity measures.

Kip Meintzer, an executive at Check Point Software Technologies, emphasized to FT that AI gives hackers an unprecedented ability to write emails that seem indistinguishable from legitimate correspondence.

The consequences of these scams can be severe. According to the U.S. Cyber Defense Agency , over 90% of successful cyberattacks begin with a phishing email. As attacks become more sophisticated, the costs associated with data breaches are escalating. IBM reported that the global average cost of a data breach has risen nearly 10% to $4.9 million in 2024.

AI is also proving particularly effective in business email compromise scams, a type of phishing that involves tricking recipients into transferring funds or divulging confidential information, says FT. Phishing scams powered by AI are not only more difficult to spot but also more likely to bypass basic email filters and cybersecurity training.

FT explains that traditional filters, which are designed to block bulk, repetitive phishing attempts, may struggle to detect scams that are continuously reworded by AI, further escalating the risks for businesses and individuals alike.

Researchers Warn Of LLM Vulnerabilities In Harmful Content Generation - 2

Image by frimufilms, from Freepik

Researchers Warn Of LLM Vulnerabilities In Harmful Content Generation

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A novel method, termed the “Bad Likert Judge” technique, has been developed to bypass the safety measures in large language models (LLMs) and enable them to generate harmful content.

In a Rush? Here are the Quick Facts!

  • The technique increases jailbreak success rates by over 60%, say Unit42 researchers.
  • Multi-turn attacks exploit LLMs’ long-term memory, bypassing advanced safety features.
  • Vulnerabilities are most prominent in categories like hate speech and self-harm.

The Bad Likert Judge technique exploits the Likert scale—a common method for measuring agreement or disagreement—to trick LLMs into producing dangerous responses, as explained by cybersecurity researchers at Unit42 .

LLMs are typically equipped with guardrails that prevent them from generating malicious outputs. However, by leveraging the Likert scale, the new technique asks an LLM to evaluate the harmfulness of various responses and then guides the model to produce content with higher harmful ratings, as explained by Unit42.

The method’s effectiveness has been tested across six advanced LLMs, revealing that it can increase the success rate of jailbreak attempts by over 60%, compared to standard attack methods, says Unit42.

The Bad Likert Judge technique operates in multiple stages, explains Unit42. First, the LLM is asked to assess responses to prompts on the Likert scale, rating them based on harmfulness.

Once the model understands the concept of harm, it is prompted to generate various responses to match different levels of harmfulness, allowing attackers to pinpoint the most dangerous content. Follow-up interactions may further refine these responses to increase their maliciousness.

This research highlights the weaknesses in current LLM security, particularly in the context of multi-turn attacks. These types of jailbreaks, which manipulate the model’s long-term memory, are capable of bypassing even advanced safety measures by gradually guiding the model toward generating inappropriate content.

The study also reveals that no LLM is completely immune to these types of attacks, and vulnerabilities are particularly evident in categories such as harassment, self-harm, and illegal activities.

In the study, the Bad Likert Judge method showed a significant boost in attack success rates across most LLMs, especially in categories like hate speech, self-harm, and sexual content.

However, the research also emphasizes that these vulnerabilities do not reflect the typical usage of LLMs. Most AI models, when used responsibly, remain secure. Still, the findings suggest that developers must focus on strengthening the guardrails for categories with weaker protections, such as harassment.

This news comes just a week after it was revealed that AI search engines, like ChatGPT, can be manipulated by hidden content, influencing summaries and spreading malicious information .

The researchers call for developers and defenders to be aware of these emerging vulnerabilities and take steps to fortify AI models against potential misuse.