Spotting scam or phishing emails used to be easy: just check the language and format. But now, with AI, these emails are getting tougher to distinguish from legitimate messages. Attackers are using AI tools to mimic the wording, style, and tone, creating very convincing fakes.
The recent data breach at a major airline is a good example of what could have been a huge phishing attack. In this case, it seems hackers used social engineering to trick an employee into giving access to the airline's CRM system. With the data they stole (names, emails, and rewards numbers), the next move would likely be social engineering. Picture getting a very legitimate-looking email with your exact details, offering 100,000 bonus points for just $100. All you need to do is enter your credit card info. Some people would fall for it in a heartbeat. The airline did the right thing by going public. Well informed is well armed.
In this case they didn't get passwords, but it is most likely that one of your email addresses and passwords appears in some breach database. The most recent and biggest example is the 2025 Mega Leak (16 billion records), reported June 18, 2025, which contained credentials for major platforms like Apple, Google, Facebook, GitHub, Telegram, and government services.
Using AI, attackers can cross-reference email addresses from those breaches with public company records and positions and use that to craft a very convincing series of emails. The attackers pick the most senior people in an organisation and target them. The AI automation can sift through the millions of email addresses at lightning pace.
Modern cloud-based tools like Microsoft 365 have millions of dollars a year spent on their external security, which makes it very difficult to crack the perimeter cyber security infrastructure, so attackers now prey on the human vulnerability instead. As soon as they have the right username and password they can walk right through the front door. They generally don't act straight away. They sit, monitor, and collect until they find the right time to pounce.
You must treat every communication with suspicion. You need to protect and fortify your identity.
While these attack methods are always evolving, you still need to get the basics right first. These are the minimum levels of protection that every person should have in place:
• Strong passwords of twelve or more randomised characters, ideally a phrase known only to you; generally, the longer the better
• A password manager tool that centrally manages randomised passwords for every service you use
• Multifactor authentication, with authenticator apps enabled for each service wherever possible
• Passkeys – passwordless and/or single sign-on where possible
• Educate your team
• Reduce access to sensitive data
• Change passwords regularly
• Identity Threat Detection & Response
Things you should never do:
• Become complacent
• Reuse passwords
• Write passwords down
• Use names, birthdays, or common names as passwords
• Delay: notify your IT department or provider as soon as you have a suspicion
• Share a password
While strong passwords and multifactor authentication go a long way to help stop breaches, they don't help when a password is freely given to the attacker, as in the case of a social engineering attack. That is where Identity Threat Detection & Response becomes your last line of defence.
An Identity Threat Detection & Response system addresses major security challenges such as session hijacking, credential theft, malicious inbox and forwarding rules, and account takeover or business email compromise attempts by constantly monitoring for unusual activity.
An Identity Threat Detection and Response (ITDR) system is crucial because it acts like a security guard for your digital identities. Think of it as protecting the keys to your company's online world. ITDR steps in by constantly monitoring for suspicious activity, like unusual login attempts or changes to account settings. It doesn't just wait for a breach to happen; it spots potential threats early and responds fast, either by blocking access, alerting your team, or fixing compromised settings. In most of the recent real-world data breaches we have seen, an ITDR system would have either prevented the attack or minimised its impact. A good ITDR system should be able to take action on a detection at any time, day or night.
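As an added illustration (not code from this article or from any ITDR product), here is one way the monitoring for malicious inbox and forwarding rules described above could be expressed. The audit records are constructed samples, their field layout is an assumption modelled on Microsoft 365 audit entries for Exchange mailbox changes, and the domain list and folder list are placeholders.

```python
import json

# Constructed sample records (JSON lines). The field layout is an assumption
# modelled on Microsoft 365 audit entries for mailbox changes; values are made up.
SAMPLE_AUDIT_LOG = """
{"CreationTime":"2025-07-01T02:14:09","UserId":"cfo@example.com","ClientIP":"203.0.113.7","Operation":"New-InboxRule","Parameters":[{"Name":"SubjectOrBodyContainsWords","Value":"invoice;payment"},{"Name":"ForwardTo","Value":"collector@example.net"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2025-07-01T09:30:00","UserId":"pa@example.com","ClientIP":"198.51.100.20","Operation":"New-InboxRule","Parameters":[{"Name":"From","Value":"news@example.org"},{"Name":"MoveToFolder","Value":"Newsletters"}]}
{"CreationTime":"2025-07-02T03:05:41","UserId":"accounts@example.com","ClientIP":"203.0.113.7","Operation":"Set-Mailbox","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:ap-backup@example.org"}]}
{"CreationTime":"2025-07-02T08:00:12","UserId":"pa@example.com","ClientIP":"198.51.100.20","Operation":"UserLoggedIn"}
"""

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains
WATCHED_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}
# Assumption: folders a user rarely opens, so mail moved there goes unnoticed.
HIDE_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history", "deleted items"}

def external_addresses(value):
    """Addresses in a forwarding parameter that fall outside the internal domains."""
    addrs = [a.strip().lower().removeprefix("smtp:") for a in value.replace(",", ";").split(";")]
    return [a for a in addrs if "@" in a and a.rsplit("@", 1)[1] not in INTERNAL_DOMAINS]

def review_record(record):
    """Return the reasons (possibly none) a record looks like mailbox tampering."""
    if record.get("Operation") not in WATCHED_OPS:
        return []
    reasons = []
    for p in record.get("Parameters", []):
        name, value = p.get("Name", ""), str(p.get("Value", ""))
        if name in FORWARD_PARAMS:
            reasons += [f"{name} sends mail to external address {a}" for a in external_addresses(value)]
        elif name == "DeleteMessage" and value.lower() == "true":
            reasons.append("DeleteMessage removes matching mail before the owner sees it")
        elif name == "MoveToFolder" and value.strip().lower() in HIDE_FOLDERS:
            reasons.append(f"MoveToFolder hides matching mail in '{value}'")
    return reasons

def scan(log_text):
    """Return (time, user, client IP, reasons) for each suspicious record in the log."""
    alerts = []
    for line in log_text.strip().splitlines():
        record = json.loads(line)
        reasons = review_record(record)
        if reasons:
            alerts.append((record["CreationTime"], record["UserId"], record.get("ClientIP"), reasons))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_AUDIT_LOG):
        print(alert)
```

On the sample data this flags the 02:14 rule on the CFO mailbox and the 03:05 mailbox-level forward, both created outside working hours from the same address, which is the kind of correlation a responder would follow up next.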
In conclusion, artificial intelligence has amplified all the IT security threats, but the core vulnerability (humans) remains unchanged: people are often the weakest link. Hackers are using AI to target human behaviour and vulnerabilities.
IT security has always required a layered approach. IT departments used to protect the perimeter from threats; now they must also focus on protecting the identities of staff.
For more information on the latest Identity Threats and the layers of defence to protect against them contact VInet Solutions.