Text: Laura Pooley, Senior information security officer at Jisc
Phishing remains one of the most prevalent and dangerous threats to individuals and organisations. Traditionally, we identify phishing by looking for key indicators to set our spidey senses tingling. However, with the increased availability of AI (Artificial Intelligence), these indicators are becoming harder to spot or have disappeared completely, which increases our risk of compromise.
Traditional signs of phishing
Typically, we identify phishing emails by looking for key indicators such as those stated in the UK’s Stop! Think Fraud Campaign:
spelling and grammar mistakes
an amazing, time-limited offer or strong encouragement to ‘click here/now’
an email that doesn’t use your name
imagery or design that looks familiar but doesn’t feel quite right
an unusual email address
encouragement to open an unknown link
a request for you to share personal data
Where even one or two indicators are noted, or something just doesn’t feel right, alarm bells should start ringing and action be taken to report the email.
The rise of AI and its impact on phishing
The recent developments and availability of AI have led to huge leaps forward in assisting with many activities, including writing emails. Unfortunately, this means AI can be leveraged by criminals to create more convincing phishing emails. Hoxhunt noted that out of 386,000 malicious emails analysed, 0.4-4.7% were written by AI. The use of AI increases the risk for recipients, who may be more easily persuaded by a better-presented AI-written email that generally features no spelling or grammatical mistakes.
As an example, entering a simple prompt into Copilot (“Can you write me an email inviting staff to a team meeting?”) demonstrates the efficiency and general correctness of an AI-written email.
You may notice that AI-generated text typically uses lengthy sentences with overly formal or complex words which lack detail, emotion and humour (although this is not always the case, as prompts can be tailored to include these factors). This could tip us off to an email being written by AI and make us consider whether it’s phishing. However, AI-written emails also come from official sources, so although it’s helpful to understand some key signs of an AI-written email, being written by AI does not automatically make an email phishing.
Does AI make our traditional phishing indicators obsolete?
Even with a predicted increase in AI usage to construct convincing phishing emails, many of the traditional signs of phishing remain valid.
AI usage should not change the fact that we’d question an unsolicited message featuring a time-limited offer or demanding urgent action, or unexpected requests for personal data.
It’s important we remain vigilant and not be swayed away from our phishing hunting instincts by a better presented and worded email. We need to focus further on the messaging within the email and the context around it – Does it make sense? Were you expecting it? Is it trying to influence our decision making, as explained in “Understanding the bait could prevent you from becoming the next phish”? If it comes from someone you know, but something still feels off – verify it through another contact method. An AI-written email also does not stop us from checking certain details such as the sender address – you may not need to look any further if that looks off.
We should also remain aware of the emerging threat techniques that are being used by criminals to help us protect ourselves and organisations from the ever-present danger of phishing.
Laura Pooley is a Senior information security officer at Jisc. Since completing a BSc in Cyber Security Management, she has been working within Jisc’s information security team, leading on their internal communications, training and awareness activities.
GÉANT Cybersecurity Campaign 2025
Join GÉANT and our community of European NRENs for this year’s edition of the cybersecurity campaign: “Be mindful. Stay safe.” Download campaign resources, watch the videos, sign up for webinars and much more on our campaign website: security.geant.org/cybersecurity-campaign-2025/
Davina Luyten is communications officer at Belnet. She has a background in translation, journalism and multilingual corporate communication. At Belnet, she focuses on external communication, public relations, crisis communication and security awareness. She has participated in the GÉANT project since 2020, where her involvement includes the annual cyber security awareness campaign.