AI vs Human Endeavors in Phishing: An Examination of the IBM X-Force Research on Cybersecurity Threats

Phishing, a technique employed by threat actors to deceive individuals into divulging sensitive information, remains the primary infection vector for cybersecurity incidents. IBM X-Force undertook a groundbreaking research project led by Chief People Hacker Stephanie “Snow” Carruthers, exploring the efficiency of human-written phishing emails compared to those generated by AI language models. Their findings shed light on the factors contributing to the success of human-written emails, the looming threat of AI tools, and offer recommendations to counter the growing influence of generative AI in cybercrime.

The research project by IBM X-Force, under the guidance of Stephanie Carruthers, aimed to examine the effectiveness of human-written and AI-generated phishing emails. Carruthers sought to ascertain whether AI-based approaches could outperform the human touch in deceiving recipients.

Click Rates of Human-Written vs. AI-Generated Phishing Emails

Analyzing the data, Carruthers discovered that human-written phishing emails exhibited a 3% higher click rate compared to their AI-generated counterparts. Delving deeper, it was revealed that the AI-generated emails garnered an 11% click rate, while human-written emails proved slightly more successful at 14%.

Factors Contributing to the Success of Human-Written Emails

The researchers attribute the success of human-written emails to their ability to appeal to human emotional intelligence. These emails were crafted carefully, exploiting psychological triggers and persuading recipients to take action. Furthermore, the selection of a specific program within the organization, instead of employing vague or generic topics, allowed the human-written emails to appear more authentic and relevant.

Threat of AI Tools for Phishing

The emergence of tools such as WormGPT, an industrial variant of ChatGPT, raises concerns over the potential for AI models to bypass ethical guardrails and facilitate sophisticated phishing attacks. These unrestrained AI versions offer a streamlined approach for attackers to scale their operations, intensifying the threat faced by organizations and individuals.

Phishing as the Common Infection Vector

IBM’s 2023 Threat Intelligence Index substantiates that phishing remains the most prevalent infection vector for cybersecurity incidents. With the continued evolution of AI and its integration in cybercrime, the significance of tackling phishing attacks becomes increasingly crucial.

Potential Use of Generative AI for Attackers

Carruthers highlights the possibility of generative AI augmenting open-source intelligence analysis for attackers. Though not explored in the research project, the growing sophistication of generative AI models may provide cybercriminals with advanced tools to orchestrate more efficient and targeted phishing campaigns.

As the research conducted by IBM X-Force reveals, human-written phishing emails still exhibit a superior success rate compared to their AI-generated counterparts. The ability to target emotional intelligence and adopt a personalized approach remains a fundamental advantage. However, as generative AI continues to advance, the threat landscape evolves, necessitating a holistic and collaborative approach to cybersecurity. Adapting preventive measures, enhancing employee training, and remaining vigilant against the capabilities of generative AI are crucial for organizations to protect themselves from the ever-growing peril of phishing attacks.

Explore more

D365 Supply Chain Tackles Key Operational Challenges

Imagine a mid-sized manufacturer struggling to keep up with fluctuating demand, facing constant stockouts, and losing customer trust due to delayed deliveries, a scenario all too common in today’s volatile supply chain environment. Rising costs, fragmented data, and unexpected disruptions threaten operational stability, making it essential for businesses, especially small and medium-sized enterprises (SMBs) and manufacturers, to find ways to

Cloud ERP vs. On-Premise ERP: A Comparative Analysis

Imagine a business at a critical juncture, where every decision about technology could make or break its ability to compete in a fast-paced market, and for many organizations, selecting the right Enterprise Resource Planning (ERP) system becomes that pivotal choice—a decision that impacts efficiency, scalability, and profitability. This comparison delves into two primary deployment models for ERP systems: Cloud ERP

Selecting the Best Shipping Solution for D365SCM Users

Imagine a bustling warehouse where every minute counts, and a single shipping delay ripples through the entire supply chain, frustrating customers and costing thousands in lost revenue. For businesses using Microsoft Dynamics 365 Supply Chain Management (D365SCM), this scenario is all too real when the wrong shipping solution disrupts operations. Choosing the right tool to integrate with this powerful platform

How Is AI Reshaping the Future of Content Marketing?

Dive into the future of content marketing with Aisha Amaira, a MarTech expert whose passion for blending technology with marketing has made her a go-to voice in the industry. With deep expertise in CRM marketing technology and customer data platforms, Aisha has a unique perspective on how businesses can harness innovation to uncover critical customer insights. In this interview, we

Why Are Older Job Seekers Facing Record Ageism Complaints?

In an era where workforce diversity is often championed as a cornerstone of innovation, a troubling trend has emerged that threatens to undermine these ideals, particularly for those over 50 seeking employment. Recent data reveals a staggering surge in complaints about ageism, painting a stark picture of systemic bias in hiring practices across the U.S. This issue not only affects