
How to recognize AI-generated phishing mails

Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link to then steal credentials. But most phishers aren’t very good, and the success rate is relatively low: In 2021, the average click rate for a phishing campaign was 17.8%.

However, now cybercriminals have AI to write their emails, which might well improve their phishing success rates. Here’s why.

The old clues for telling if something was a phishing mail were:

  1. It asks you to update/fill in personal information.
  2. The URL on the email and the URL that displays when you hover over the link are different from one another.
  3. The “From” address is an imitation of a legitimate address, especially from a known brand.
  4. The formatting and design are different from what you usually receive from a brand.
  5. The content is badly written and may well include typos.
  6. There is a sense of urgency in the message, encouraging you to quickly perform an action.
  7. The email contains an attachment you weren’t expecting.

While most of these are still valid, there are a few checks you can strike off your list due to the introduction of AI.

When a phisher is using a Large Language Model (LLM) like ChatGPT, a few simple instructions are all it takes to make the email look as if it came from the intended sender. And LLMs do not make grammatical errors or put extra spaces between words (unless you ask them to).

They’re not limited to one language either. AI can write the same mail in every desired language and make it look as if you are dealing with a native speaker. It’s also easier to create phishing emails tailored to the intended target.

All in all, the amount of work needed to create an effective phishing email has been reduced dramatically, and the number of phishing emails has gone up accordingly. In the last year, there’s been a 1,265% increase in malicious phishing emails, and a 967% rise in credential phishing in particular.

Because of AI, it’s become much harder to recognize phishing emails, which makes things almost impossible for filtering software. According to email security provider Egress, 71% of email attacks created through AI go undetected.

So how do you recognize AI phishing emails?

Here are some ideas:

Number 4 above—The formatting and design are different from what you usually receive from a brand—is helpful. Compare the email with any previous communications you have from the supposed sender. If there are inconsistencies in the tone, style, or vocabulary, this could indicate that the message is a phishing attempt.

Number 5—The content is badly written and may well include typos—AI phishing emails may still use generic greetings, such as “Dear user” or “Dear customer,” instead of addressing the recipient by name. Also, look for generic or mismatched signatures that do not align with the sender’s typical signature.

Number 7—The email contains an attachment you weren’t expecting—If you know the person who sent the email but don’t trust the content, contact the sender through an alternate communication method to verify whether they actually sent it.
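As an added example (not from the original article), clues 2 and 3 from the list above and the generic-greeting check can be automated with Python's standard library. The `known_brands` mapping, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):  # lower-cased hostname of a URL or bare domain
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_clues(raw, known_brands):
    """known_brands (assumed input): brand display name -> its real sending domain."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    domain, clues = addr.rpartition("@")[2].lower(), []
    for brand, real in known_brands.items():  # clue 3: imitated From address
        if brand.lower() in display.lower() and domain != real and not domain.endswith("." + real):
            clues.append("from-imitation:" + domain)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    collector = LinkCollector()
    collector.feed(text)
    for shown, href in collector.links:  # clue 2: visible URL differs from the real target
        if "." in shown and " " not in shown and host(shown) != host(href):
            clues.append(f"link-mismatch:{host(shown)}->{host(href)}")
    if any(g in text.lower() for g in ("dear user", "dear customer")):  # greetings the article names
        clues.append("generic-greeting")
    return clues

SAMPLE = (  # constructed sample, not a real email; .test is a reserved TLD
    'From: "Example Bank" <security@examp1e-bank.test>\n'
    'Subject: Action required\nContent-Type: text/html; charset="utf-8"\n\n'
    '<p>Dear customer,</p><p>Confirm your details at '
    '<a href="https://login.examp1e-bank.test/verify">https://www.example-bank.test/login</a></p>\n'
)
```

Each hit is a clue, not a verdict: legitimate mail that routes links through a click-tracking service will also trip the link-mismatch check, so treat the output as a reason to look closer.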

For organizations it is important to have a clear reporting procedure and actively follow up on reported suspected phishing emails. If your employees never hear back about a reported phishing email, they are less likely to report the next one. A pat on the shoulder for catching one goes a long way. A lot further than the more common shame-and-blame punishments for clicking a malicious link.

Repetitive phishing training that neither aligns with how users engage with email nor provides appropriate tools for responding to ambiguous emails is a waste of time, money, and the patience of the employee.

And most of all, make sure that your own communications, internal and external, don’t look like phishing attempts.



Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.