Back to blog page

AI phishing: How cybercriminals use artificial intelligence in phishing attacks

Artificial intelligence is taking phishing attacks to a whole new level. Cybercriminals are using AI to create messages that are tailored to their victims, which could include you! We'll show you how this works and how you can protect yourself.

A fishhook piercing several credit cards placed on a computer keyboard. — Sometimes, one false click is all it takes!

by Kieran – Reading time: 3 min.

In this blog post...

✓ What is phishing?
✓ How dangerous is AI phishing?
✓ What does a personalized phishing email look like?
✓ How can I protect myself from AI phishing?

What is phishing?

Phishing is a popular scam in which cybercriminals use fake emails, websites, or messages to try to obtain sensitive data such as passwords, bank details, or personal information. To learn more about phishing, give this interview with our Mail Security expert a read!

With the surge of artificial intelligence and AI-powered tools, many have raised concerns about the risks of artificial intelligence in cybersecurity and how AI can be exploited by cybercriminals to create an even greater threat.

A 2024 study shows that this fear has turned into reality: attackers are using artificial intelligence to design even more successful phishing emails.

How dangerous is AI phishing?

Traditional phishing attacks are usually based on generic texts that are sent to many recipients. These emails are often easy to spot because they contain generic salutations such as “Dear customer” and frequently contain spelling mistakes or suspicious links. But that has now changed.

Cybercriminals use artificial intelligence to create a phishing message tailored to the individual victim in three steps:

Gathering information: Attackers collect large amounts of data, for example, from social networks, publicly accessible websites, or data leaks. Based on this, they create detailed profiles of their potential victims.
Evaluating and creating personalized phishing emails: AI then uses this data to analyze the victim's communication style and generate a deceptively genuine email. Since it refers to actual interests, this message can appear personal and authentic. This type of precise phishing is also known as “spear phishing.” (To learn more, see our explainer: Spear phishing: Understanding email attacks)
Distributing: Finally, these personalized phishing emails are sent out in large numbers. To appear more credible, attackers use hacked email accounts or rely on spoofing to imitate official sender addresses. (Check out: Email spoofing: Definition and how spoofing works)

What does a personalized phishing email look like?

The profile of our author, Kieran, proves how quickly such an attack can take:

In this example, the information used for a targeted attack is publicly available. We fed this data into the AI-powered chatbot ChatGPT and tasked it with creating a personalized phishing email.

This is what a personalized phishing email could look like:

Subject: Kieran, your travels deserve a special world map!

From: anna@worldmaps-shop.com

Hi Kieran,

I stumbled across your travel blog and just wanted to compliment you—your posts are really inspiring! They immediately reawakened my desire to travel.

I particularly like your idea of marking the countries you have already visited on a world map. That's exactly why I would like to make you a special offer: Imagine having a world map made of fine wood that is not only a real eye-catcher but also reflects all your adventures. It would be perfect for documenting your travels in style and could be just the special accent you are looking for in your living room.

And best of all: only today, you can get a 50% discount on your order with the code “Wanderlust”!

Take a look here: www.worldmaps-shop.com/woodenmap

I'm sure you'll love it!

Best regards,

Anna Miller

World Map Shop | Customer Service

Admittedly, this AI-generated phishing email took our blog team by surprise. The dangerous thing about such emails is that some people might click on the link out of pure curiosity, and that alone can be fatal!

Often, a single click is enough to trigger a Drive-by Download, which allows malicious malware to enter the computer unnoticed. If the attackers then succeed in persuading the victim to enter confidential data such as bank details, the damage is done. For more on this, check out our explainer: What does a phishing link look like? How to check links safely.

How can I protect myself against AI phishing?

Just as with “regular’ phishing, the golden rule is never to rush into revealing confidential information! The same safety guidelines apply when it comes to AI-powered phishing attempts as they do for any other sort of attack.

Always take a moment to critically question every email you get. Would an important message like that really come via email, or would you normally expect an official letter instead? Is it realistic that a sudden “urgent payment request” would show up without any warning?

If an email seems almost too convincing, pause for a moment before reacting. Avoid clicking random links or entering sensitive details right away. If something feels off, just leave the email sitting there for a bit and think it through. Could it actually be fake? Chances are, similar scams have already been flagged online, so a quick Google search can often clear things up fast.

If you found this article helpful, please leave us some feedback below. And if you still don’t have a mail.com email account, why not sign up for free today?

Images: 1&1/Shutterstock

Posted in

AI Phishing

2 people found this article helpful.

This article was helpful

This article was not helpful