AI Fuels 100% Surge in Phishing Attacks

Summary
– In 2025, phishing emails were detected every 19 seconds, more than double the 2024 rate of one every 42 seconds.
– AI is now a core tool for threat actors, enabling faster, more adaptive, and more convincing phishing campaigns at scale.
– AI helps create highly personalized attacks, including near-flawless local language emails and websites that change payloads based on the victim’s device.
– There was a 105% annual increase in detections of remote access tools (RATs) and a 204% rise in malware-delivering phishing emails in 2025.
– The report concludes that phishing must be analyzed after delivery, as behavioral context and human validation are needed to catch threats that bypass perimeter controls.

The alarming speed of modern phishing campaigns has reached a critical point, with security systems now intercepting one malicious email every nineteen seconds. This represents a staggering doubling of the attack rate compared to the previous year, when filters caught one phishing attempt every forty-two seconds. This 100% surge is directly fueled by the widespread adoption of artificial intelligence by cybercriminals, who are leveraging the technology to launch faster, larger, and more deceptive campaigns than ever before.
Threat actors have moved beyond simple experimentation. AI is now a foundational tool in their arsenal, used to systematically generate, test, and deploy phishing operations on a massive scale. The outcome is a new breed of threat: polymorphic, multi-channel campaigns that constantly alter their appearance while maintaining the same harmful objectives. These adaptive attacks are proving exceptionally difficult for traditional security measures to catch.
One of the most immediate impacts of AI is the eradication of language barriers for attackers. The technology enables the composition of convincing, grammatically flawless emails in local dialects, dramatically increasing their credibility. This sophistication is evident in the rise of “conversational” phishing, emails that rely purely on social engineering without immediate malicious links or attachments. These types of messages, often associated with business email compromise scams, now account for a significant portion of all phishing traffic.
The personalization of attacks has also reached unprecedented levels. Security researchers note a troubling trend where a single phishing website can deliver different malicious payloads based on the victim’s device type. AI likely powers this adaptability, allowing a campaign to display a spoofed brand that matches the user’s browser or to optimize a fake login page specifically for mobile visitors. This concept of “polymorphism by default” extends to every element of an attack, with AI dynamically altering logos, wording, and URLs for each target. In fact, a vast majority of initial infection links identified in recent research were completely unique, making signature-based detection nearly useless.
Beyond email, there has been a parallel explosion in the use of remote access tools, both legitimate and malicious. Detections for such tools more than doubled in a single year. Attackers frequently use social engineering to trick users into installing software like ConnectWise ScreenConnect, granting them direct access to systems under the guise of providing technical support. To manage the complex logistics of these large-scale intrusions, threat actors are increasingly relying on automation and AI within their own criminal workflows.
Other notable shifts in the threat landscape include attackers’ growing preference for specific top-level domains to host their phishing sites. Use of the .es domain, for instance, saw a nineteen-fold increase in just one quarter, making it one of the most abused domains globally. Furthermore, the volume of phishing emails designed to deliver malware directly saw a dramatic increase, underscoring the multifaceted and evolving nature of the threat.
These converging trends highlight a fundamental weakness in relying solely on preventative security controls at the network perimeter. The dynamic and personalized nature of AI-driven phishing means that analysis must occur after an email is delivered. Only by examining behavioral context and incorporating human validation can organizations hope to identify the sophisticated threats that easily bypass static defenses.
(Source: InfoSecurity Magazine)





