As the World Locked Down, AI Went Phishing 

The latest data from the Anti-Phishing Working Group (APWG), a global organisation dedicated to cybercrime prevention, shows that the number of newly discovered phishing sites jumped tenfold between 2020 and 2023, before dipping somewhat by mid-2024.  Even so, the total remains much higher than before the spike.  Phishing, in simple terms, is when online thieves pretend to be trusted organisations—like banks or schools—to trick people into giving away sensitive details such as passwords or credit card numbers. 

During the Covid pandemic, many more people worked from home and relied on personal computers and home internet connections, which gave cybercriminals extra chances to strike.  However, experts argue that it was evolving Artificial Intelligence (AI) that caused a greater share of the trouble.  Imagine a tool that can write a perfect bank letter in any language, complete with the correct logo and smooth grammar.  That is precisely what AI models, even early ones like GPT-3, can do.  Only cybercriminals use them to make realistic scam emails and fake websites. 

When a fake email looks so genuine that even your teacher or parent might not suspect anything, it becomes far easier to trick you into clicking a link or typing your details on a fraudulent page.  According to the National Crime Agency, some criminals use AI “kits” that automate the entire process, from choosing which brand to imitate to setting up a replica website.  It is a bit like having a naughty robot that assembles endless disguises, each one convincing enough to fool a different target. 

Fortunately, cybersecurity companies have not been standing still.  Many now use AI as well—like having a digital guard dog that automatically sniffs the internet for suspicious new websites or unusual activity in emails.  For example, Palo Alto Networks, a US cybersecurity company, employs automated systems that spot patterns in online traffic, so that they can sound an alarm the moment they sense something sneaky.  Similarly, another American cybersecurity vendor, Cloudflare, checks domain registrations and website behaviour to shut down imposter sites before they spread.  In fact, both firms have seen their share prices rise rapidly, as investors believe demand for AI-based defences will keep growing. 

Despite these efforts, the APWG chart still shows phishing at levels over three times what we saw a few years ago.  One reason is that cybercrooks keep tweaking their AI formulas, making each new attack slightly different.  The UK Government’s Cyber Security Breaches Survey 2023 notes that no single protective measure can fully stop such a moving target.  Every time defenders learn one trick, cybercriminals counter with another. 

That said, experts do indicate that good commonsensical habits go a long way.  For instance, the National Cyber Security Centre recommends pausing to quickly check the email sender’s address, being extra cautious with unexpected links, and using two-factor authentication (for example, a text code) wherever possible.  By doing these small and reasonable things, each of us makes it harder for AI-driven phishing scams to succeed. 

Looking at the chart, it is clear that AI has turned phishing into a bigger, faster-growing threat than ever before.  Though remote working heightened the risks, it was AI in the wrong hands that supercharged the entire operation.  Thankfully, defenders are also arming themselves with AI tools, bringing the phishing-site numbers down from their peak—yet not back to where they began.  It seems that, for now, both sides are racing to see who can use AI more cleverly.  Staying safe will require a mix of common sense, coordinated efforts by security experts, and constant vigilance against the latest phishing hooks.