Analysis
AI SHIFT:

AI Reprices Cybercrime Risk Around Phishing And Deepfakes

Newsroom brief

A Forbes contributor analysis by Dr. Jonathan Reichental, republished by Yahoo Finance, says generative AI is reducing the cost and skill needed for phishing and social-engineering attacks. The piece frames AI cyber risk as an operating-control problem for payment approvals, access requests, employee training, simulations, defensive tools and board-level governance.

Verified against source materialEdited by SendTech Times Cybersecurity Desk
AI Reprices Cybercrime Risk Around Phishing And Deepfakes
Image source: Forbes

A Forbes contributor analysis by Dr. Jonathan Reichental, republished by Yahoo Finance, says artificial intelligence is changing cybercrime less by inventing new attacks than by making old ones cheaper, faster and harder for companies to verify.

The argument is economic as much as technical.

The analysis describes cybercrime as a risk-management problem already projected to cost $14 trillion in 2028, while phishing and social-engineering attacks each cost an enterprise about $4 million per breach.

Generative AI changes that calculation because attackers can automate research, targeting and message production while preserving the credibility that once required skilled human operators.

The Cost Curve Moves First

The strongest evidence is the gap between ordinary phishing and AI-assisted deception.

An academic study cited in the analysis found AI-automated phishing emails performed at the level of human experts and reached a 54 percent click-through rate, compared with 12 percent for generic phishing emails.

That changes the attacker's calculation.

If the marginal cost of a convincing spear-phishing email falls, more campaigns can be built around specific employees, real projects, payment workflows and internal language.

The risk is not only that fraudulent emails look better.

It is that the production cost of believable fraud falls while the possible return remains high.

Spear phishing shows the point clearly.

Messages once requiring manual research can now be personalized at scale, with AI helping gather information, identify targets and shape a request around a company's normal processes.

That makes the attack surface broader than the inbox.

The economics are the warning.

Old Warning Signs Lose Value

Traditional awareness training has often taught employees to spot poor spelling, awkward grammar, odd formatting and generic wording.

The analysis warns that AI weakens those signals by producing cleaner messages and by giving attackers a way to mimic organizational context.

A finance employee, for example, may receive a request that appears to come from a senior executive, refers to a real project and asks for payment to a bank account.

The attack type is not new, but AI can make the request feel routine enough to pass through a busy approval chain.

That shifts phishing from an email-filter problem into a business-process problem.

The question for companies is no longer only whether a message looks suspicious.

It is whether payment approvals, data-access requests and executive instructions have verification paths strong enough to withstand a believable message.

Deepfakes Extend The Same Risk

The Hong Kong deepfake case cited by Reichental shows the same cost shift moving beyond text.

The cited case involved an employee who joined a video conference, believed the call included company executives and transferred $25 million before learning the participants were AI-generated impersonations.

The case illustrates how trust can become part of the attack surface.

A convincing executive impersonation can move the target from system access to the decision process around payment approval.

Voice, video and chat channels can all become routes into the same payment or access workflow.

For security leaders, that means awareness training alone is too narrow.

Employees still need training, but the higher-value control is a second path for confirming high-consequence actions before money moves, credentials change or sensitive data is released.

The Response Is Operational

The five recommendations point toward a broader operating model.

Training needs to reflect AI-driven phishing and social engineering.

Payment, data-access and workflow approvals need to be tested against more realistic deception attempts.

Incident-response exercises should include AI-powered scenarios rather than only conventional breach playbooks.

The recommendations also call for defensive tools designed for AI-enabled attacks, including updated secure email gateways and malicious-traffic controls.

But the governance recommendation is the more important signal: AI cyber risk needs to sit inside risk management, digital trust and innovation oversight, not only inside the security team.

The public record still has limits.

The analysis does not provide a company-by-company benchmark for AI-driven losses, and the cited phishing study sample is not identified in the text available to readers.

Exposure will vary by sector, approval design and employee access patterns.

The analysis does not provide a sector-by-sector loss benchmark for AI-generated phishing or deepfake attempts.

Until that data is clearer, the practical question is how quickly businesses can add verification controls around payment, data-access and executive-approval workflows.

Share this article
inXf

Related articles

More
Silent Ransom Group Uses Fake IT Support Calls to Pressure Law Firms
Cybersecurity

Silent Ransom Group Uses Fake IT Support Calls to Pressure Law Firms

Silent Ransom Group is targeting U.S. law firms and professional services organizations with fake IT support calls, remote access tools and rapid data-theft extortion. Mandiant links the activity to UNC3753, Luna Moth and Chatty Spider, while the FBI has warned of related social engineering and in-person theft attempts.

WhatsApp Usernames Hide Phone Numbers But Scam Risk Remains
Cybersecurity

WhatsApp Usernames Hide Phone Numbers But Scam Risk Remains

WhatsApp is rolling out usernames and optional keys to reduce phone-number exposure, but security researchers warn that impersonation and social-engineering scams can move to handles, profile images and trusted-looking accounts.

AI Coding Push Turns Developers Into a Prime Cybersecurity Target
Cybersecurity

AI Coding Push Turns Developers Into a Prime Cybersecurity Target

A Japanese @IT analysis says attackers are increasingly targeting developers because AI coding tools, OSS, CI/CD pipelines and cloud services concentrate valuable credentials around them. The report highlights vulnerable AI-generated code, fake recruiting approaches, polluted open-source packages and GitHub Actions-style automation attacks. The practical warning is that companies need stronger identity, dependency and workflow controls rather than relying only on individual developer caution.

Injective SDK npm Compromise Exposes Wallet-Key Theft Risk
Cybersecurity

Injective SDK npm Compromise Exposes Wallet-Key Theft Risk

Socket, Ox Security and StepSecurity said they detected wallet-stealing code in @injectivelabs/sdk-ts npm package version 1.20.21 after an Injective Labs contributor account was compromised. Socket said the malicious release was downloaded 310 times before deprecation, while Ox Security counted 87 direct dependencies and described a six-figure cumulative download count across dependent packages.

Microsoft Revokes 11 Secure Boot Shims After ESET Finds Bypass Risk
Cybersecurity

Microsoft Revokes 11 Secure Boot Shims After ESET Finds Bypass Risk

Ars Technica reported that ESET found 11 old UEFI shim images that Microsoft still trusted even after known defects. Microsoft revoked the shims in its June patch release, while the reason the lapse lasted for years remains outside the public account.

Sysdig Says AI Ransomware Still Needed Human Setup
Cybersecurity

Sysdig Says AI Ransomware Still Needed Human Setup

Sysdig described JadePuffer as agentic ransomware, but Michael Clark said a human still chose the victim, provisioned infrastructure and supplied database credentials before the AI agent executed the attack.

Keep Reading

More Stories

Latest
IBM Research Tests Agent Routing On Cost, Latency And AccuracyAIJul 20, 2026IBM Research Tests Agent Routing On Cost, Latency And AccuracyA Hugging Face post from IBM Research said model routing for enterprise AI agents should optimise cost, quality and latency together after AppWorld tests reversed a simple token-price comparison.IBM Study Finds UAE AI Vendor Switching RiskCapital & PolicyJul 20, 2026IBM Study Finds UAE AI Vendor Switching RiskMiddle East AI News, citing IBM Institute for Business Value data, said 88 per cent of surveyed UAE executives would struggle to switch their primary AI vendor or model, while 96 per cent did not fully understand dependencies across vendors, models and infrastructure.Regions Bank Digital Transactions Reach 80% After Mobile UpgradeFintech & Digital PaymentsJul 19, 2026Regions Bank Digital Transactions Reach 80% After Mobile UpgradePYMNTS reported that Regions Bank’s second-quarter materials listed digital transactions at 80% of customer activity, with mobile users, logins, Zelle usage and chat volume rising as core modernisation continues.Microsoft And 3M Extend Azure AI Data Centre Partnership Around EBOCloud & Data CentersJul 19, 2026Microsoft And 3M Extend Azure AI Data Centre Partnership Around EBOCapacity reported that Microsoft plans to deploy 3M's Expanded Beam Optical technology in Azure data centres as the companies extend a partnership across AI infrastructure and 3M's internal enterprise systems. The announcement links fibre-connection maintenance and deployment speed in dense cloud environments with 3M workflows for credit checks, delinquency reviews, system updates, customer service, finance, sales and marketing.Ericsson Wins UK Defence 5G Role Under £8 Billion RM6393 FrameworkTelco & ConnectivityJul 19, 2026Ericsson Wins UK Defence 5G Role Under £8 Billion RM6393 FrameworkRCR Wireless News reported that Ericsson has been selected for services and components under the UK Ministry of Defence RM6393 tactical communications framework, while Nokia is pursuing defence 5G through partner channels.Red Hat Maps AI-RAN Upgrade Path Around Operator EconomicsTelco & ConnectivityJul 19, 2026Red Hat Maps AI-RAN Upgrade Path Around Operator EconomicsRCR Wireless News reported that Red Hat expects AI-RAN adoption to start with operational gains on existing radio networks before operators test shared AI and RAN infrastructure towards 2030.Superhuman Adds Docs With AI Assistant And MCP LinksAIJul 19, 2026Superhuman Adds Docs With AI Assistant And MCP LinksNo Jitter reported that Superhuman has launched Docs, an AI-native collaboration product evolved from Coda, with Docs AI in beta and MCP connections to tools such as Claude, ChatGPT, Cursor, Jira and Salesforce.H2LooP Raises $2m For Embedded-System AI Coding ToolsAIJul 19, 2026H2LooP Raises $2m For Embedded-System AI Coding ToolsYourStory reported that Bengaluru startup H2LooP raised $2 million to build hardware-aware AI coding tools for firmware and embedded systems, with early deployments in semiconductor and automotive teams.France And Germany Name Arcadia As Starting Point For Sovereign Military AICapital & PolicyJul 19, 2026France And Germany Name Arcadia As Starting Point For Sovereign Military AITNW reported that France and Germany pledged to examine a European sovereign digital backbone for military AI, using France's Arcadia as the starting point after both countries moved intelligence services away from Palantir.Moonshot Sets 27 July Open-Source Release For Kimi K3 AI ModelAIJul 19, 2026Moonshot Sets 27 July Open-Source Release For Kimi K3 AI ModelBBC reported that Moonshot AI launched Kimi K3, a 2.8 trillion-parameter model scheduled for open-source release on 27 July. The Chinese startup says the model can rival OpenAI and Anthropic systems, but exact hardware requirements and enterprise customers remain undisclosed.Meta Smart Glasses Face Privacy Backlash As Courtroom Bans SpreadCapital & PolicyJul 19, 2026Meta Smart Glasses Face Privacy Backlash As Courtroom Bans SpreadYahoo Tech reported that backlash against AI-enabled smart glasses is growing as Meta expands camera-equipped eyewear, with courthouse bans, facial-recognition concerns and cloud-review warnings shaping the privacy debate.Nebius Raises $775M Secured Debt Facility For GPU Cloud BuildoutCapital & PolicyJul 19, 2026Nebius Raises $775M Secured Debt Facility For GPU Cloud BuildoutNebius said its first senior secured debt facility is backed by deployed GPU infrastructure and contracted cash flows, with the $775 million financing priced at SOFR + 2.50% and maturing on October 31, 2030.