How artificial intelligence is changing phishing
In the past, phishing attacks were mostly based on mass mailing. Standardized emails were sent to thousands of recipients – in the hope that a small fraction would respond. Success rates were low, but so was the effort.
Today the picture is different. Using AI, attackers can systematically evaluate information from publicly available sources: websites, social media profiles, business directories, or press releases. This results in individually crafted messages that match each recipient precisely.
Instead of a generic message like "Your account has been suspended", an employee suddenly receives an email that references a real project, names familiar contacts, and is linguistically flawless. The likelihood that such messages will be taken seriously increases considerably.
What's more, modern language models produce nearly error-free text. Grammar, spelling, and style are often barely distinguishable from genuine business communication. Even complex conversations can be simulated – including follow-up questions, replies, and seemingly logical sequences.
Recent real-world examples
Particularly problematic is that attacks are increasingly aligned with real business processes. Many phishing emails today no longer look like classic fraud attempts but like routine business communication.
A current example is fake job applications. Companies receive emails with short, professionally worded cover letters and supposed application documents attached. The messages often get straight to the point and initially appear credible. A common giveaway, however, is that the profession or field doesn't match the company at all. Web agencies, for instance, receive applications for nursing positions, or craft businesses receive supposed applications for highly specialized IT roles.
The actual danger usually lies in the attachment or behind a download link. Files masquerading as PDFs or ZIP archives can contain malware that, once opened, extracts credentials or encrypts entire systems.
Another frequent scenario involves fake invoices or reminders from supposed service providers. Particularly popular: invoices from supposed web hosting providers, mail server services, or domain registrars. Just recently, one of our clients was confronted with a deceptively realistic email that purported to come from a hosting company. The logo, footer, color scheme, and layout looked absolutely professional. Even the wording and legal notices appeared credible.
Only on closer inspection did it become apparent that the sender address had been slightly altered and the payment request pointed to an unknown account. It is precisely these kinds of details that make modern phishing attacks so dangerous: the technical and visual quality keeps improving.
New attack vectors through AI
Beyond classic phishing emails, AI is also giving rise to new attack variants that are even more targeted and harder to detect.
Spear phishing
Here, individual people or small groups are targeted specifically. The content is highly personalized and often based on real information about the company or the recipient's position.
Business Email Compromise (BEC)
Attackers impersonate executives, supervisors, or business partners. With AI, such messages can not only be mimicked linguistically with precision, but also made contextually convincing – for instance, with references to current projects or ongoing processes.
Deepfake-assisted attacks
Still comparatively rare but increasingly relevant: combinations of email and manipulated voice or video content. Even a brief call or voice message can reinforce the impression that a request is legitimate.
Why classic warning signs are no longer enough
Many of the previously reliable indicators of phishing are increasingly losing their relevance due to AI. Flawed language, illogical phrasing, or generic salutations are often simply no longer present.
Additionally, attackers use so-called Unicode or homoglyph attacks: they substitute characters from other alphabets that look almost identical to the regular Latin letters. A Cyrillic "а", for example, is barely distinguishable from the standard Latin "a". The result is domains or sender addresses that appear completely legitimate at first glance but technically point to entirely different targets.
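As an added illustration (not code from the original article), the following Python check flags a sender domain that mixes scripts, contains non-ASCII letters, or changes under compatibility normalisation, and shows the Punycode form that the mail infrastructure actually resolves. The sample addresses and the hosting domain names are constructed for the demo.

```python
import unicodedata

# Constructed sample sender addresses (not taken from the article).
# The second uses a Cyrillic "о" (U+043E) in place of the Latin "o".
SAMPLE_SENDERS = [
    "billing@example-hosting.com",
    "billing@example-h\u043esting.com",
]


def script_of(ch: str) -> str:
    """Script family of a letter, taken from the first word of its Unicode name
    (LATIN, CYRILLIC, GREEK, ...); '' for digits, hyphens and other non-letters."""
    if not ch.isalpha():
        return ""
    return unicodedata.name(ch, "UNKNOWN UNKNOWN").split()[0]


def analyze_domain(domain: str) -> dict:
    """Flag a domain whose labels mix scripts, contain non-ASCII letters, or
    change under NFKC normalisation (compatibility look-alike characters)."""
    findings = []
    normalized = unicodedata.normalize("NFKC", domain).lower()
    if normalized != domain.lower():
        findings.append("contains compatibility characters that normalise to other letters")
    for label in normalized.split("."):
        scripts = {script_of(c) for c in label} - {""}
        if len(scripts) > 1:
            findings.append(f"label '{label}' mixes scripts {sorted(scripts)}")
        for c in label:
            if c.isalpha() and ord(c) > 0x7F:
                findings.append(f"non-ASCII letter U+{ord(c):04X} ({unicodedata.name(c, '?')}) in '{label}'")
    try:
        # The Punycode form is what DNS and the mail server actually see.
        ascii_form = domain.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = "<invalid IDN>"
        findings.append("domain is not a valid internationalised domain name")
    return {"domain": domain, "ascii_form": ascii_form,
            "suspicious": bool(findings), "findings": findings}


def analyze_sender(address: str) -> dict:
    """Apply the domain check to the part after the last '@' of a sender address."""
    _, _, domain = address.rpartition("@")
    return analyze_domain(domain)


if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        result = analyze_sender(sender)
        print(sender, "->", result["ascii_form"], "SUSPICIOUS" if result["suspicious"] else "ok")
        for finding in result["findings"]:
            print("   ", finding)
```

A mail gateway or a simple pre-delivery script can apply the same check to the From: header and to every link domain in the body; a label that mixes Latin and Cyrillic letters has no legitimate business reason to exist.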
Emojis are also increasingly noticeable – especially in business contexts. An email with conspicuous emojis in the subject line or overly elaborate visual styling is in many cases a warning sign. Equally suspicious: a "Re:" or "FW:" in the subject of a message when no prior contact has taken place.
This does not mean phishing can no longer be recognized – rather, the criteria are shifting. Typical indicators today include:
- Sender addresses that have been only slightly altered
- Deceptively realistic websites and login pages
- Content with direct references to the company or current projects
- Professionally designed footers, logos, and signatures
- Artificially created time pressure, such as "Please review today" or "Urgent payment required"
The biggest challenge: many of these elements seem plausible in isolation. It is only in combination that the actual risk emerges.
Concrete measures for businesses
Even as attacks continue to evolve, there are effective strategies to significantly reduce the risk. The key lies in the interplay of technology, processes, and awareness.
Sharpen attention to detail
Employees should be trained to evaluate not just the content of an email, but also critically question its context, origin, and plausibility.
Never open attachments without thinking
Particular caution is warranted when it comes to unexpected job applications, invoices, or supposed contract documents.
Always verify payment requests
Invoices from hosting, domain, or mail providers should never be paid without verification. If in doubt, a direct inquiry to the actual service provider is recommended.
Use technical security measures
Modern spam filters, email gateways, and security solutions detect many threats early. Technologies such as DMARC, DKIM, and SPF also help identify forged senders.
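To make the DMARC part of that concrete, here is an added example (not the article's own code) of how a receiving server combines SPF and DKIM results with the domain owner's published DMARC policy. The DMARC records, domain names and authentication results are constructed sample values, and the organisational-domain logic is simplified to the last two labels instead of consulting the Public Suffix List.

```python
# Constructed DMARC records as they would be published in DNS at _dmarc.<domain>
# (sample values for the demo, not real domains' records).
SAMPLE_DMARC_RECORDS = {
    "example-hosting.com": "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example-hosting.com",
    "weak-hosting.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak-hosting.example",
}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        tag, sep, value = part.partition("=")
        if sep:
            tags[tag.strip().lower()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain, simplified to the last two labels
    (assumption: a real implementation uses the Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') only the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(from_domain, spf_result, spf_domain, dkim_result, dkim_domain,
                      records=SAMPLE_DMARC_RECORDS) -> str:
    """Return 'pass' if an aligned SPF or DKIM result authenticates the From: domain,
    otherwise the domain owner's policy ('none', 'quarantine' or 'reject')."""
    record = records.get(from_domain.lower()) or records.get(org_domain(from_domain))
    if record is None:
        return "none (no DMARC record published)"
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return "none (invalid record)"
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags.get("p", "none")


if __name__ == "__main__":
    # Genuine invoice: SPF passes for a sub-domain of the From: domain (relaxed alignment).
    print(dmarc_disposition("example-hosting.com", "pass", "mail.example-hosting.com", "none", ""))
    # Forged From: header: the sender's own envelope domain passes SPF but is not aligned.
    print(dmarc_disposition("example-hosting.com", "pass", "other-infra.example", "none", ""))
    # Same forgery against a domain that only publishes p=none: delivered regardless.
    print(dmarc_disposition("weak-hosting.example", "pass", "other-infra.example", "none", ""))
```

The third case is the caveat worth checking in your own DNS: a record with p=none only produces reports, so a forged invoice from such a domain still reaches the inbox.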
Conduct regular training
Awareness of phishing should be continuously reinforced. Especially because methods are constantly changing, a one-time training session is no longer sufficient.
The role of artificial intelligence on the defensive side
Interestingly, AI is not only being used by attackers – it is increasingly being deployed for defense as well. Modern security systems analyze communication patterns, detect anomalies, and evaluate emails in real time.
Such systems can detect, for example, when a supposed executive suddenly makes unusual requests or when typical writing behavior changes significantly. Suspicious links, manipulated content, and unusual communication patterns can also be identified automatically.
Nevertheless: no system is perfect. Highly personalized attacks in particular can bypass technical safeguards. That is why the human factor remains a decisive element.
Conclusion: An arms race with increasing momentum
Phishing is no longer a simple mass phenomenon – it is evolving into a targeted, data-driven attack method. Artificial intelligence is accelerating this development further, making it easier for attackers to create convincing scenarios.
For businesses, this means: security strategies must keep pace. It is no longer enough to rely on classic warning signs. Instead, a holistic understanding of risks is needed, along with clear processes and trained awareness when dealing with digital communication channels.
Those who stay alert and sensibly combine technical and organizational measures can significantly reduce the risk – even in an era where deception attempts are becoming ever more convincing.