Phishing Detection Techniques in the Age of Generative AI

Generative AI has opened the door to a new era of phishing attacks. These AI algorithms can craft highly convincing and contextually relevant text, making it increasingly difficult to discern between legitimate communications and malicious phishing attempts.

Cybercriminals are leveraging generative AI to create sophisticated emails that closely mimic the writing style, tone, and content of genuine messages. This enables them to bypass traditional detection methods that rely on keyword matching or known patterns. AI-generated phishing emails can slip past spam filters and other security measures, posing a significant threat to both individuals and the institution.

Here are some indicators that might suggest an email claiming to be from a real person or organization was generated by AI:

1. Unusual Language Patterns: Generative AI may produce emails with unnatural or inconsistent language patterns. Look for strange sentence structures, odd phrasing, or grammatical errors that don't align with typical human communication.
2. Generic Content: Phishing emails generated by AI might lack personalization and contain generic content that could apply to a wide audience. They may use placeholders like "Dear Customer" instead of addressing you by name.
3. Unrealistic Requests or Promises: AI-generated phishing emails might make unrealistic promises or requests that seem too good to be true. Be wary of emails offering large sums of money, unrealistic discounts, or urgent requests for personal information.
4. Inaccurate Information: Check for inaccuracies or inconsistencies in the email content. AI may generate emails with incorrect details, such as misspelled company names, incorrect product information, or outdated logos.
5. Unusual Sender Information: Phishing emails generated by AI might come from suspicious or unfamiliar email addresses. Look closely at the sender's email address and domain to see if it matches the official communication channels of the purported sender.
6. Lack of Contextual Awareness: AI-generated phishing emails may lack contextual awareness or fail to reference specific details about your past interactions with the sender. Genuine emails often include references to previous conversations or recent transactions.
7. Overly Formal or Stilted Tone: While some phishing emails aim to sound professional, AI-generated content may come across as overly formal or stilted. Pay attention to the tone of the email and whether it matches the typical communication style of the sender.
8. Suspicious Subject Lines: Phishing emails generated by AI may use subject lines designed to evoke a sense of urgency, fear, or curiosity to prompt immediate action. Be wary of subject lines that pressure you to act quickly without providing sufficient context.
9. Poorly Rendered Visual Elements: If the email contains logos, graphics, or other visual elements, examine them closely for signs of poor quality or inconsistencies. AI-generated content may struggle to accurately replicate the appearance of official branding.

Remember to always exercise caution when interacting with unsolicited emails. DO NOT click on links or download attachments from suspicious sources. If you're unsure about the legitimacy of any email report it to security@ubc.ca immediately.

Go even further: What is a Reply Chain Attack?