AI is making phishing emails far more convincing with fewer typos and better formatting: Here’s how to stay safe
- Experts warn AI-written phishing emails look polished and bypass traditional email filters
- Polymorphic attacks shift constantly to evade detection in real time
- Business email compromise scams now mimic executives with near-perfect formatting
We’ve said it before, and we’ll say it again. Artificial Intelligence is changing the face of cybercrime, and phishing is one area where it’s hitting the hardest.
New data from security firm Cofense has warned AI-powered phishing campaigns are not only more frequent but also far more convincing than ever before.
These emails are cleaner, more polished, and tailored to fool even more cautious users, and with generative AI tools now accessible to nearly anyone, threat actors are scaling their operations at a rate that many businesses simply can’t keep up with.
Highly evasive delivery system
In its latest threat intelligence report, The Rise of AI – A New Era of Phishing Threats, Cofense details how phishing tactics are evolving at a phenomenal rate.
In 2024, the Cofense Phishing Defense Center detected one malicious email every 42 seconds, many of which slipped through legacy perimeter defenses.
Email-based scams jumped 70% year-over-year, fueled by AI’s ability to mimic tone, spoof internal emails, and personalize messages with impressive accuracy.
Messages now feature perfect grammar, accurate formatting, and realistic sender addresses. They often also impersonate C-suite executives, reply within existing email threads, and use lookalike domains such as “@consultant.com.”
This shift toward business email compromise (BEC) has become a major threat. AI-generated content lacks the telltale signs that previously gave phishers away, such as typos, spelling mistakes and awkward phrasing, often clues that suggest English might not be the sender’s first language.
Polymorphic phishing campaigns are another area of concern, according to Cofense. These constantly-changing attacks modify their content in real time to evade signature-based security tools. Subject lines, sender details, and text all shift dynamically, which makes detection with traditional filters all but impossible.
Malware embedded in these emails has also evolved, Cofense reports, with over 40% of samples in 2024 being newly observed threats, many of them Remote Access Trojans (RATs).
How to stay safe
Scrutinize email content carefully: Be skeptical of emails involving financial actions, urgent requests, or out-of-place language, even if the formatting looks perfect.
Verify internal requests: If an email claims to be from a coworker or executive, double-check using known contact methods before taking action.
Don’t rely on appearance: AI-generated emails often look flawless, so focus on context, timing, and content rather than how “professional” it looks.
Avoid clicking on links without verification: Hover over links to check their destination and avoid downloading files from unfamiliar or unexpected messages.
Use security tools that go beyond the perimeter: Look for solutions that offer post-delivery analysis and threat response based on behavior, not just signatures.
You might also like
Experts warn AI-written phishing emails look polished and bypass traditional email filters Polymorphic attacks shift constantly to evade detection in real time Business email compromise scams now mimic executives with near-perfect formatting We’ve said it before, and we’ll say it again. Artificial Intelligence is changing the face of cybercrime, and…
