- Experts warn AI-written phishing emails looking polished and bypassing traditional email filters
- Polymorphic attacks are constantly changing to avoid detection in real time
- Business email-compromis fraud now mimics leaders with almost perfect formatting
We’ve said it before and we say it again. Artificial intelligence changes the face of cybercrime, and phishing is an area where it hits the hardest.
New data from the security company Cofense has warned AI-driven phishing campaigns are not only more frequent, but also far more compelling than ever before.
These e emails are cleaner, more polished and tailored to fool even more cautious users, and with generative AI tools that are now available to almost anyone, threat actors scale their activities at a speed that many companies simply can’t keep up.
Very evasive delivery system
In its latest threat information report, The emergence of AI – a new era with phishing -threatsCofense describes how phishing tactics develop at a phenomenal speed.
By 2024, Cofense Phishing Defense Center discovered a malicious e -mail every 42 seconds, many of which slipped through older circumference defense.
E-mail-based scams burst 70% year-over-years, driven by AI’s ability to emulate tone, counterfeit internal emails, and personalize messages with impressive accuracy.
Messages now have perfect grammar, accurate formatting and realistic sender addresses. They often also imitate C-suite leaders, respond within existing email threads and use lookalike domains like “@Consultant.com.”
This shift towards business E -mail -Compromis (BEC) has become a major threat. AI-generated content lacks the narrative characters that previously gave away phishists, such as typo, spelling errors and awkward phrasing, often traces suggesting that English may not be the sender’s first language.
Polymorphic phishing campaigns are another area of concern, according to Cofense. These constantly changing attacks change their content in real time to avoid signature -based security tools. Subject lines, sender details and text all change dynamic, making detection with traditional filters all impossible.
Malware embedded in these E emails has also evolved, Cofense reports where over 40% of the samples in 2024 are newly observed threats, with many of them remote access trojans (rats).
How to remain safe
Investigate E -Mail -Contact: Be skeptical of emails involving financial actions, urgent requests, or out of place, even if the formatting looks perfect.
Confirm internal requests: If an e-mail claims to be from a colleague or executive, double control using known contact methods before intervening.
Don’t trust appearance: AI-generated emails often look flawless, so focus on context, timing and content rather than where “professional” it looks.
Avoid clicking on links without verification: Keep the cursor over links to check their destination and avoid downloading files from unknown or unexpected messages.
Use security tools that go beyond the perimeter: Look for solutions that offer analysis after delivery and threat response based on behavior, not just signatures.
