Why is phishing so successful?

May 1, 2024

Let's start with the term 'phishing.' In phishing, the attacker deliberately uses psychological tactics to manipulate victims and induce them to take certain actions, for example by pretending in an email that a username and password must be entered, otherwise the user account will be locked, or by simulating limited-time offers. All these methods aim to get the user to perform specific actions such as clicking on a link or disclosing certain information. Phishing is the most well-known form of social engineering, in which the attacker tries to obtain sensitive information or data by putting pressure on the user through fear, curiosity, greed, or urgency.

 

In approximately 40% of all malware attacks, the human factor is the gateway into the corporate network that hackers use to steal sensitive data (customer data, corporate secrets). Nowadays, the majority of people share their preferences, interests, locations, etc., on various social networks.

 

Using AI, personality profiles can be created, which attackers then use to make phishing emails look as realistic as possible – this is the concept of the 'transparent human.' Phishing emails often look deceptively real, and homepages are often perfect one-to-one copies of the originals. Fake sender addresses are very difficult to detect because they deviate only minimally from the genuine ones. AI-supported voice cloning is frequently used to impersonate a supervisor and prompt employees to take actions (transfers, disclosure of access data for privileged users) – CEO fraud par excellence.

 

Attackers deliberately use psychological tactics to obtain the login data of individual users in order to infiltrate the corporate network with malware. Encryption, data theft, data publication, or deletion of the entire data inventory are the consequences, which can have far-reaching implications for companies, from fines and reputational damage to bankruptcy.

 

Phishing remains one of the greatest cyber threats of our time

Conclusion: Phishing remains one of the greatest cyber threats of our time, influencing user behavior with the help of artificial intelligence through CEO fraud, voice cloning, or deepfakes, and particularly exploiting users' fixed digital habits for criminal actions.

 

Combating phishing requires state-of-the-art authentication measures, spam filters, anti-spoofing software, and endpoint detection and response software, and, above all, regular awareness-raising among users.

 

The human factor as a 'human firewall' is a crucial component in the implementation of security measures and in actively protecting the IT infrastructure against phishing.
