A new wave of hyper-personalised phishing scams powered by generative artificial intelligence (AI) is targeting corporate executives with alarming accuracy. These sophisticated attacks exploit publicly available personal data to craft convincing emails to deceive even the most vigilant recipients.
Cyber security experts emphasised that these attacks often rely on vast amounts of personal data scraped from online profiles, enabling hackers to tailor their scams with unprecedented precision.
Experts also note that AI bots can analyse a target’s tone, style, and online presence to create convincing phishing emails. By exploiting publicly available data, they determine the most effective topics or tactics to elicit a response,
“The availability of generative AI tools lowers the entry threshold for advanced cybercrime,” eBay cyber crime security researcher told Financial Times.
According to the United States Cybersecurity and Infrastructure Security Agency (US CISA), hacker groups successfully use phishing to infiltrate systems in over 90 per cent of cyberattacks.

As these attacks become more sophisticated, their financial tolls are growing. A recent IBM report reports that the global average cost of a data breach has risen nearly 10 per cent to about $4.88 million.
Kip Meintzer, a Check Point Software Technologies executive, says that AI has given hackers “the ability to write a perfect phishing email.” Such emails often bypass basic email filtering designed to block bulk phishing campaigns, as AI can generate thousands of unique, reworded messages in a short time.
These attacks also expose vulnerabilities in human decision-making, making even trained employees susceptible.
The advent of generative AI has revolutionised numerous industries, but it also gives cybercriminals powerful new tools to launch sophisticated attacks. This rapid AI advancement has also created a challenging environment for cybersecurity professionals. Sean Joyce, global cybersecurity lead at PwC, warned that AI is used to identify and exploit vulnerabilities in technical systems or human behaviour.
In the News: Madhya Pradesh’s child welfare agency hit by ransomware