Watch out – BEC now have AI superpowers!

By Peter Vogel on June 9, 2025

CSOonline.com reported that “…AI is also being extensively employed by attackers, helping them collect specific data that is used on business email compromise (BEC) attempts. AI is already getting better in deep research and with that making impersonation scams no longer as easy to identify and stop.” The June 3, 2025 article entitled “AI gives superpowers to BEC attackers” (https://tinyurl.com/ckhfxrub) included these comments about “The role of AI in business email compromise”:

Unlike traditional spam or phishing emails, which are designed to be as generic as possible, BEC fraud is highly targeted. Attackers must do a great deal of research about their targets to craft their messages and time their attacks for when their victim would be most susceptible, such as right after a big deal closes and they’re expecting the payment request to arrive.

Attackers use social media platforms, corporate websites, industry publications, and even the websites of a company’s clients or vendors to get insights on personnel, corporate dynamics, and major events.

“What we see with BEC is that it’s a long game,” says Forrester analyst Jess Burn.

This kind of research takes time and requires decent English language skills since the targets are commonly in English-speaking countries. As AI gets better at deep research, this information-gathering stage gets easier and faster.

The next step is impersonation, which can involve creating look-alike email accounts, domains, social media accounts, or the exploitation of legitimate internal accounts. Attackers use automation to find and test relevant compromised credentials or create new accounts.

Finally, the fraudulent request step is the one where the latest generation of AI really shines. A message that asks for a large amount of money will automatically draw increased scrutiny from a recipient.

The days of being able to easily spot a scam because of poor grammar or broken English are quickly coming to an end. According to KnowBe4’s March phishing report, 83% of phishing emails sent in the six months between September 2024 and February 2025 used AI, up 54% compared to last year. KnowBe4 analyzes data from 13.2 million users from 31,000 organizations.

This bad news, but not a surprise!

First published at https://www.vogelitlaw.com/blog/watch-out-bec-now-have-ai-superpowers