The New Face of Phishing: How AI is Making Scams Harder to Spot
We have all seen them: the clumsy phishing emails filled with typos, claiming you’ve won a lottery you never entered or that a “long-lost relative” has left you millions. For years, spotting a scam was relatively easy if you knew what to look for.
But the game has changed.
With the rise of Generative AI tools like ChatGPT and sophisticated deep-learning models, cybercriminals now have the power to create phishing attacks that are grammatically perfect, contextually accurate, and highly personalised. This evolution is making the “human firewall”—your staff—more vulnerable than ever.
The AI Advantage for Attackers
AI allows hackers to automate the creation of “Spear Phishing” emails. Unlike mass spam, these are targeted attacks. An AI can scan a company’s LinkedIn profiles, see who your Financial Director is, learn their writing style from public posts, and draft an email to a junior employee that sounds exactly like them.
Perfect Grammar: The tell-tale sign of poor English is disappearing. AI generates native-level text in any language.
Context Awareness: AI can reference real, recent events or industry-specific jargon, adding a layer of legitimacy to the request.
Deepfakes: We are now seeing the first waves of “Vishing” (Voice Phishing), where AI clones a person’s voice from a short audio clip to authorise bank transfers over the phone.
How to Spot the Unspottable
So, how do you defend against a scam that looks perfect? The focus must shift from “looking for typos” to “verifying intent.”
Check the Source, Not the Tone
Even if the email sounds like your CEO, check the actual sender address carefully. Is it company.com or cornpany.com?
Verify Out of Band
If an email asks for an urgent payment or password change, do not reply. Pick up the phone or walk to that person’s desk to verify the request.
Pause on Urgency
AI is great at creating artificial urgency (“Do this now or the account closes”). High-pressure tactics are a major red flag.
Defending Your Organisation
Training is your best defence. Regular cybersecurity awareness training that evolves with these threats is essential. Furthermore, technical safeguards like multi-factor authentication (MFA) and advanced email filtering are no longer optional; they are your safety net when human error inevitably occurs.
Are your email filters smart enough to stop AI-generated threats? Contact Primary ICT Support today to discuss our advanced Email Security and Staff Training packages.