PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

How AI Agents Can Perform Autonomous Phishing Attacks

By Wesley Grant
March 13, 2025
in Analysts Coverage, Artificial Intelligence, Fraud & Security
0
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
ai agent phishing

Phishing is already a favored technique among criminals, and a demonstration by Symantec showcased how AI agents can supercharge these attacks.

The security company tasked OpenAI’s recently launched Operator agent with carrying out a phishing attack on a member of Symantec’s organization from start to finish. First, the agent identified the person who performed a specific role within the organization and located their email address. Then, Operator created a PowerShell script designed to gather systems information and sent an email the target using a “convincing lure.”

Teaching AI Cybercrime

The AI model initially refused the instructions on grounds they involved “sending unsolicited emails and potentially sensitive information” that could violate privacy and security rules. However, after researchers convinced Operator that they had proper authorization, the agent complied—a vulnerability that is also present in OpenAI’s ChatGPT.

Once assigned the task, Operator located its target using publicly available data. While the target’s email address was private, the AI agent deduced it by analyzing similar addresses within the same company.

Operator then studied websites to learn about PowerShell scripts, after which it drafted its own and sent the email. According to Symantec, the email—sent from a fake account—was reasonably convincing.

Working With Little Prompting

AI has quickly become a mainstay in fraud attacks, enabling bad actors to create deepfakes and cheapfakes that can fool consumers into making a financial mistake. However, at this stage, most of these attacks aren’t sophisticated enough to convince most individuals.

The attack orchestrated by Operator was relatively straightforward and did not reach the same level of most human-generated phishing attacks, which are increasingly hard to spot.

However, AI agents pose a formidable challenge because they can operate tirelessly with minimal input to accomplish their goals. This autonomy allows criminals to scale their attacks on a much wider scale with fewer technological barriers to entry.

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Tags: AIAI AgentsAI FraudDeep FakeDeepfake AI FraudOpenAIPhishingPhishing Attacks

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Accredited Payments Risk Professional

    The Growing Importance of Payments Risk Expertise

    July 6, 2026
    account aggregation

    The Dilemma Facing Financial Institutions: Aggregate or Be Aggregated

    July 2, 2026
    contactless payments

    Wherever There’s Friction, Contactless Payments Can Help

    July 1, 2026
    gift card strategy, gift card trends

    How Cautionary Spending Is Fueling Gift Card Purchases

    June 30, 2026
    Know Your Agent

    Trust but Verify: Security in the Age of Agentic AI

    June 29, 2026
    SoLo CFPB

    How Banks Are Fighting the Scourge of Money Mules

    June 26, 2026
    The Goldilocks Principle and Banking

    Are Banks Fully Unlocking Their Data Gold Mine?

    June 25, 2026
    stablecoin regulation

    The New Settlement Frontier: Bank-Led Stablecoins and the Reordering of Global Capital Flows

    June 24, 2026

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2026 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result