Draft:AIshing
Submission declined on 2 October 2024 by KylieTastic (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources. This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are:
Where to get help
How to improve a draft
You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Editor resources
|
AIshing (pronounced "eye-shing") is a cybersecurity term coined by Ali Osman Elmi, a Certified Information Security Manager working at Saudi Telecom Company. It refers to AI-powered phishing attacks, where artificial intelligence (AI) is used to craft and execute sophisticated phishing schemes. These attacks leverage AI's ability to analyze data, generate highly personalized and convincing messages, and automate the process of deceiving individuals or organizations to extract sensitive information, such as login credentials, financial data, or personal information.
Etymology
The term AIshing was coined by Ali Osman Elmi to represent the next generation of phishing attacks, where AI plays a crucial role. The pronunciation "eye-shing" highlights the use of artificial intelligence in the process, with the "-shing" suffix maintaining the metaphor of "fishing" for sensitive data, a concept integral to traditional phishing.
Background
Phishing has been one of the most common cyberattacks for decades, but with the advancement of AI, attackers have developed more sophisticated ways to execute these attacks. AIshing involves the use of machine learning and AI algorithms to create highly customized phishing messages. These algorithms can analyze large datasets, including social media profiles, emails, and other publicly available information, to create messages that are highly personalized and believable, increasing the likelihood that a target will fall for the scam.
How AIshing Works
Data Analysis: AI systems can scan and analyze vast amounts of data related to potential targets, including online behavior, email patterns, and communication styles.
Message Crafting: Based on the collected data, AI generates highly personalized phishing messages, making them appear authentic and tailored to the recipient's interests or activities.
Automation: AIshing attacks can be automated, allowing hackers to target large numbers of individuals or businesses without significant manual effort.
Deepfakes: In some cases, AIshing may use deepfake technology to impersonate trusted individuals through audio, video, or text, further enhancing the credibility of the phishing attempt.
Examples of AIshing
Personalized Emails: AI algorithms can craft phishing emails that seem to come from a recipient’s close contact or a trusted organization, based on prior communications and patterns.
Social Engineering: AIshing can involve AI-powered chatbots that engage with victims in real-time, mimicking human interaction to extract sensitive data.
Deepfake Phishing: AIshing may involve deepfake audio or video calls from a seemingly legitimate source, tricking victims into revealing confidential information.
Defenses Against AIshing
Advanced Email Filtering: Companies and individuals should use AI-powered email filters that can detect unusual patterns or content typical of AIshing attempts.
Multi-Factor Authentication (MFA): Adding multiple layers of verification can help prevent unauthorized access, even if login credentials are compromised.
Employee Training: Regular cybersecurity training on recognizing phishing attempts, especially those using AI, is crucial for mitigating AIshing risks.
AI Countermeasures: Leveraging AI systems to detect and block AI-generated phishing attacks can help reduce the success rate of such attacks.
Impact of AIshing on Cybersecurity
AIshing represents an evolution in cyberattacks, raising concerns about the future of phishing and the overall security of digital environments. As phishing attempts become more sophisticated, traditional detection methods may become less effective. Cybersecurity professionals are increasingly looking toward AI-driven countermeasures to keep up with these evolving threats.
References
[edit]Phishing attacks:
National Institute of Standards and Technology. "Phishing." NIST Computer Security Resource Center, https://csrc.nist.gov/glossary/term/phishing
Accessed 2 September 2024.
AI Security Vulnerabilities:
Vincent, James. "Adversarial attacks could trick AI into making dangerous mistakes." The Verge, 22 February 2019,
https://www.theverge.com/2019/2/22/18235138/ai-machine-learning-adversarial-attacks-examples.
Accessed 21 September 2024.
AI and Cybersecurity:
Harwell, Drew. "As AI spreads, so do risks of hacking." The Washington Post, 8 August 2022,
https://www.washingtonpost.com/technology/2022/08/08/ai-security-hacks/
Accessed 12 September 2024.
Adversarial AI Examples:
Goodfellow, Ian, et al. "Explaining and Harnessing Adversarial Examples." International Conference on Learning Representations (ICLR), 2015,
https://arxiv.org/abs/1412.6572.
Accessed 18 September 2024.
AI Safety and Security:
OpenAI. "AI and security: Why protecting AI systems is critical." OpenAI Blog, 14 September 2023, https://openai.com/blog/ai-security/.
Accessed 1 October 2024.