View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 25, 2023updated 27 Sep 2023 8:09am

AI is amplifying phishing cyberattacks – ENISA

The scam attacks pose the biggest threat to businesses and citizens, the cybersecurity agency says.

By Claudia Glover

Phishing and social engineering attacks remain the most common initial attack vector for cyberattacks, according to the ENISA, the European Union’s cybersecurity agency. ENISA says the power behind phishing attacks has been bolstered by the wider availability of AI systems.

ENISA warns of technological advancements exacerbating phishing attacks (Photo by rafapress/Shutterstock)

The organisation is highlighting the threat posed by phishing – where attackers attempt to trick a victim into downloading malware or giving up valuable personal information – as part of European cybersecurity month, a campaign which runs throughout October.

An increasing availability of detailed behavioural data online is a major driving force behind this issue, ENISA says, with social media phishing attacks posing a growing threat to businesses. Security company Trend Micro explains that information gleaned by hackers from social media can include login credentials, credit card information, and personal information that can then be used to launch scams and attacks.

Emerging technologies are adding to the problem. ENISA says that “the use of AI and automation by machine learning allows attackers to analyse user behaviour and launch targeted attacks.”

According to a report by IT support company AAG, an estimated 3.4 billion phishing spam emails are sent per day, and 83% of UK businesses that suffered cyberattacks last year reported that phishing was the mode of entry for the perpetrators

“Scammers are getting more creative in their ways of attacking individuals and organisations,” says Thierry Breton, commissioner for internal market. “It is therefore essential to stay alert with new technology and to take our online safety very seriously. Cyber threats are evolving at a rapid pace and citizens’ behaviour can play a fundamental role in how we stay cyber secure – it is our shared responsibility.”

Juhan Lepassaar, ENISA’s executive director, said that people need greater of how phishing attacks work to stay safe online. “Explaining how social engineering works in practice, creates awareness of potential traps,” he said.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

The campaign this month will draw the attention of users of all ages to the different social engineering techniques used by attackers against them and enable them to exercise caution. Activities and information will be provided to help them get familiar with the various ways in which they can be tricked by cyber criminals. They will also learn how to identify and spot potential scams. 

Margaritis Schinas, EU vice-president for promoting our European way of life, said: “The European Cybersecurity Month aims to raise our cybersecurity awareness and get us up to speed with cyber threats.” She added: “It reminds us that we can easily step up our own cybersecurity by getting into some good digital habits.”

Read more: AI will extend the scale and sophistication of cybercrime

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.