Most people have a mental image of a phishing email. It’s clunky, slightly off-brand and contains at least one sentence that no native English speaker would ever write. You know it when you see it. And that’s the problem. Because what’s landing in inboxes now looks nothing like that.
The attacks have changed. The assumptions most organisations are operating on haven’t.
The grammar problem is solved
For years, poor writing was the most reliable tell. Security awareness training leaned heavily on it: look for spelling mistakes, watch for awkward phrasing and trust your instincts when something reads wrong. That was sound advice, because it was usually right.
It isn’t any more. Generative AI produces fluent, natural English with no effort and no errors. The tone is right. The branding is accurate. There’s nothing that jumps out as wrong, because nothing is wrong, at least not on the surface.
The numbers bear this out. Around 82% of phishing emails now use AI in some form, and the click-through rate on AI-generated attacks sits at roughly 54%, compared to 12% for traditionally crafted campaigns. That isn’t a small uplift. It’s a fundamentally different level of effectiveness.
Personalisation at scale
Spear phishing (targeted attacks on a specific person rather than a bulk send) has always worked better than generic campaigns. The reason it wasn’t more common was simple: it took time and skill to pull off convincingly. You needed to research the target, understand the context and write something that felt credible. Most attackers couldn’t be bothered.
AI changes that calculation completely. An attacker can now pull publicly available information from LinkedIn, your company website, social media and press coverage, and generate a personalised email in minutes. It might reference a real colleague’s name, a project you’ve been working on or a process that’s specific to your organisation. It reads like an internal message, because in many ways it is. It’s just been written by someone who has no business being inside your world.
That familiarity is precisely what makes it effective. It doesn’t trigger the usual alarm bells, because it doesn’t feel like a stranger knocking.
Beyond email
The same technology is being applied in ways that go well beyond a convincing message in your inbox.
Voice cloning is one that catches people off guard. AI can now replicate someone’s voice from just a few seconds of publicly available audio: a video, a podcast, a company presentation. Staff are receiving calls that sound indistinguishable from their manager or a known IT contact, asking them to authorise a payment or share login details urgently. It’s much harder to pause and question a voice you recognise than an email you can reread.
QR codes are another shift worth knowing about. They bypass most email security filters entirely, because the destination is encoded in an image rather than in a link the filter can evaluate. A code in an email, or even on a printed document left in a communal space, can take someone directly to a malicious site with no warning.
Then there’s trusted platform abuse. Phishing doesn’t always come from a dodgy domain these days. It often arrives through DocuSign, SharePoint or Google Drive, where an attacker has shared a document and buried the malicious link inside it. The sender domain is real. The email clears authentication checks. There is nothing for a filter to flag.
Why the training conversation needs updating
Most organisations approach phishing as a training problem: teach people to spot the signs and they won’t click. That thinking isn’t wrong. Awareness genuinely matters. But if the training is built around attack patterns from three or four years ago, it’s offering a false sense of security rather than a real one.
UK businesses reported phishing-related losses of over £1.2 billion in 2025. Among companies that experienced any kind of breach, phishing was a factor in around 85% of cases. Those aren’t figures driven by people ignoring obvious warning signs. They reflect what happens when the signals become genuinely hard to read.
The people most likely to be targeted (finance teams, senior leaders and IT administrators) need more than awareness. They need to be working within processes that assume someone will eventually be deceived, and that have controls in place for when that happens.
So what does good look like?
No single thing fixes this. What works is a combination: email security that looks at behaviour rather than just syntax, multi-factor authentication that limits the damage when credentials are stolen, clear processes for verifying unusual requests through a second channel and training that reflects what attacks actually look like today.
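As an added illustration of what “email security that looks at behaviour rather than just syntax” can mean in practice, the Python script below scores an inbound message on who is asking and how, not on its grammar. It is example code written for this page, not NetUtils’ own tooling or any product’s logic. It checks for a colleague’s display name on an address outside the organisation, a Reply-To steered to a different domain, a share notification from a genuine platform whose sharer has never been seen before (the trusted-platform pattern above), and an urgent request whose only call to action is an image attachment (the QR-code pattern). The organisation domain example.com, the staff-name and known-sender lists and all four sample messages are constructed assumptions, and an SPF/DKIM pass is deliberately never used to lower the score.

```python
"""Behaviour-based email triage: an added example, not code from the article or
from NetUtils. Assumptions (not from the article): the organisation's domain is
example.com, and INTERNAL_NAMES / SEEN_SENDERS would come from a directory and
mail history. Every sample message below is constructed for this example."""
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                                   # assumed internal domain
SHARING_PLATFORMS = {"docusign.net", "sharepoint.com", "google.com"}
URGENCY = re.compile(r"\b(urgent(?:ly)?|immediately|asap|right away|before close of business)\b", re.I)
URL = re.compile(r"https?://\S+", re.I)
ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

INTERNAL_NAMES = {"jane doe"}                                # staff display names, lower-case (assumed)
SEEN_SENDERS = {"jane.doe@example.com", "dse@docusign.net"}  # prior correspondents (assumed)


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def score_message(raw, internal_names=INTERNAL_NAMES, seen_senders=SEEN_SENDERS):
    """Return (score, reasons): how many behavioural signals fired and which ones."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr, from_dom = addr.lower(), _domain(addr)
    reasons = []

    # Collect the plain-text body and count image attachments.
    body, images = [], 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            body.append(part.get_payload(decode=True).decode(errors="replace"))
        elif ctype.startswith("image/"):
            images += 1
    body = "\n".join(body)

    # 1. A colleague's display name on an address outside the organisation.
    if name.lower() in internal_names and from_dom != ORG_DOMAIN:
        reasons.append(f"display name '{name}' is staff but address is external ({from_dom})")

    # 2. Replies are steered to a different domain than the visible sender.
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")

    # 3. A genuine sharing platform, but the person doing the sharing is unknown to us.
    #    An SPF/DKIM pass is deliberately NOT used to lower the score: platforms pass too.
    if from_dom in SHARING_PLATFORMS:
        sharers = {a.lower() for a in ADDRESS.findall(body)}
        if sharers and not sharers & seen_senders:
            reasons.append(f"shared via {from_dom} by never-seen contact {sorted(sharers)[0]}")
    elif addr not in seen_senders:
        reasons.append("first contact from this sender")

    # 4. Urgency, with the call to action carried only by an image (the QR-code pattern).
    if URGENCY.search(body):
        if images and not URL.search(body):
            reasons.append("urgent request with no link but an image attachment (possible QR code)")
        else:
            reasons.append("urgency language")
    return len(reasons), reasons


def _build(from_hdr, subject, text, reply_to=None, png=False):
    """Construct a sample message (test data only, not a real capture)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "bob@example.com"
    m["Subject"] = subject
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content(text)
    if png:  # a stand-in for a QR-code image; the bytes are not a real PNG
        m.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\0" * 16, maintype="image",
                         subtype="png", filename="code.png")
    return m.as_string()


SAMPLE_IMPERSONATION = _build("Jane Doe <jane.doe@example-finance.co>", "Supplier payment",
                              "Bob, please pay the attached invoice before close of business.",
                              reply_to="accounts@payments-portal.net")
SAMPLE_SHARE = _build("DocuSign <dse@docusign.net>", "Document shared",
                      "alex.rivera@partner-co.example has shared a document with you.\n"
                      "Review: https://app.docusign.example/review/123 (constructed link)")
SAMPLE_QR = _build("IT Helpdesk <helpdesk@it-support-desk.net>", "Action required",
                   "Your password expires immediately. Scan the code below to keep access.", png=True)
SAMPLE_NORMAL = _build("Jane Doe <jane.doe@example.com>", "Minutes",
                       "Minutes from this morning's meeting attached.")

if __name__ == "__main__":
    for label, raw in [("impersonation", SAMPLE_IMPERSONATION), ("share", SAMPLE_SHARE),
                       ("qr", SAMPLE_QR), ("normal", SAMPLE_NORMAL)]:
        print(label, *score_message(raw))
```

The score is only a triage aid: the impersonation sample trips four signals, the platform share and the image-only request trip one and two, and ordinary internal mail trips none. In a real deployment the known-name and known-sender sets would be fed from the directory and mail history, and anything scoring above a threshold would be routed to the second-channel verification step described above rather than blocked outright.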
None of that is complicated. But it needs to be intentional and kept current. The threat is evolving quickly. A security posture that was sensible two years ago may have real gaps now, and the people probing for those gaps are getting better at their job all the time.
CONTACT US TODAY
Discover how NetUtils can help protect your business from cyber threats and streamline your IT operations. Our team is ready to provide you with the support and solutions you need to thrive.
Email Us
info@netutils.com
Call Us
020 8783 3800