Scammers are using AI to create phishing messages that are more convincing, personalized, and produced at a faster rate. The main change is that AI eliminates many of the obvious warning signs people used to notice, such as awkward grammar and generic wording.

Common AI phishing tactics

  • Personalized email scams. AI can scrape public info from social media, company pages, and data breaches to write messages that mention your job, coworkers, or recent activity.
  • Smishing. Attackers use AI to generate realistic text messages that sound urgent and natural, often impersonating banks, delivery services, or employers.
  • Vishing and voice cloning. Scammers can clone a person’s voice or use AI-generated calls to impersonate executives, family members, or support agents and push for money or credentials.
  • Fake websites. AI helps create polished phishing pages quickly, including realistic branding, forms, and support chat that make victims trust the site.
  • Deepfake video. In some scams, AI-generated video is used in live calls or recordings to make an impersonation seem real.

Why it works better;

AI enables scammers to send numerous customized variants at scale, rather than a single obvious mass email. It also helps them mimic tone, timing, and internal language, making the message feel as though it originated from someone familiar.

Red flags to watch for;

  • Urgent requests for payment, passwords, or verification codes.
  • Messages that reference personal details but still feel slightly off.
  • Unusual payment methods or pressure to act immediately.
  • Calls or videos that ask you to “confirm” sensitive information without a normal process.

Always verify requests through a second channel, such as calling a known number or messaging a coworker using a different app. Consider any unexpected requests for credentials, money, or codes as suspicious, even if the message appears polished and personal.