AI-Driven Phishing Attacks Surge in Latin America, Harming Millions

The event involves the use of AI systems in the development and deployment of phishing attacks, including AI-generated deepfakes and automated mass messaging via RPA, which directly lead to harm by enabling large-scale scams and fraud targeting individuals. The harms include injury to people through deception and financial loss, fitting the definition of an AI Incident. The report documents actual occurrences and impacts, not just potential risks, thus it is classified as an AI Incident.

The event involves the use of AI systems in the development and execution of phishing attacks that have already caused harm to people through scams and fraud. The AI systems are used to generate more convincing fake content and automate mass messaging, directly contributing to the realized harm. Therefore, this qualifies as an AI Incident because the AI system's use has directly led to harm to persons and communities through fraudulent activities.

The article explicitly states that AI is used to automate and improve phishing attacks, which have resulted in millions of detections and presumably many successful scams causing harm. The use of AI-generated deepfakes and automated message distribution directly contributes to realized harm through fraud and deception. Therefore, this qualifies as an AI Incident because the AI system's use has directly led to significant harm to people and communities through phishing scams and fraud.

The article explicitly states that AI is used to automate and improve phishing attacks, including the use of deepfake technology and robotic process automation to send mass fraudulent messages. These AI-driven attacks have directly led to realized harm in the form of scams and fraud attempts affecting millions of people, including 110 million detections in Peru alone. The AI system's use in automating and enhancing these attacks is a direct contributing factor to the harm, meeting the criteria for an AI Incident under the OECD framework.

The article explicitly states that AI is used to automate and scale phishing attacks, which have resulted in actual harm to victims through data theft and fraud. The harms include violations of privacy and financial security, which are covered under the definitions of AI Incident. The involvement of AI in the development and use of these cyberattack methods is clear and directly linked to the harms described. Although AI is also used defensively, the primary focus is on the realized harms caused by AI-enabled attacks. Hence, the classification as AI Incident is appropriate.

The article explicitly mentions AI's role in enabling more sophisticated and automated phishing attacks (e.g., use of Robotic Process Automation), and the use of deepfakes, which are AI-generated content. These represent credible cybersecurity threats that could plausibly lead to harm such as data theft, extortion, and fraud. However, the article primarily provides an overview of threats, statistics on blocked attacks, and expert advice, without detailing a specific incident where AI caused harm. Therefore, the event is best classified as Complementary Information, as it enhances understanding of AI-related cybersecurity risks and responses but does not report a new AI Incident or AI Hazard.

The article explicitly states that AI is being used to automate and improve phishing attacks, which have resulted in millions of detections and presumably many victims of fraud. The use of AI to generate convincing fake content and automate mass messaging directly contributes to harm to communities through financial scams and deception. Therefore, this qualifies as an AI Incident because the AI system's use has directly led to realized harm (mass phishing scams) in Guatemala and the broader region.