How AI Phishing Attacks Became A Threat in 2025

AI phishing is a type of cyberattack that uses AI to create personalized phishing messages, making them difficult to detect. AI algorithms are leveraged to analyze vast amounts of data, including social media and online behavior to craft targeted messages.

How Does AI Support Phishing?

AI refers to a broad scope of technology.

Put simply, it’s a machine learning strategy that allows machines to perform tasks like learning from data, recognizing patterns, solving problems, and making decisions, often with little or no human intervention.

One of the most publicized breakthroughs within the last decade is the rise of Large Language Models (LLMs) – AI models trained on vast volumes of written text. Since LLMs can generate natural language, they have become one of the most powerful core tools for AI-powered phishing.

Phishing is no longer limited to just messages. Generative AI threats now include:

  • Audio creation (e.g. voice cloning)
  • Live filters that falsify an attacker’s voice over calls
  • Deepfake video, where an attacker impersonates an employee’s face during video calls

These advancements accelerate phishing attacks in two major ways:

  1. Mass, semi-automated message creation. While a human may take 30 minutes to craft a single phishing message, LLMs can produce hundreds of slightly unique variations in the same amount of time.
  2. Timely, contextual targeting. AI enables attackers to rapidly integrate real-time news and corporate developments into phishing messages, making them more believable and difficult to detect.

In social engineering, the devil is in the details.

  • Spelling errors, awkward tone, and odd context are all red flags that often expose phishing attempts.
  • LLMs eliminate many of these indicators by producing messages with native-level grammar and natural tone.
  • Any information scraped from a target’s social media or online footprint can be instantly woven into personalized, convincing messages.

As a result, phishing has evolved into a faster, smarter, and more scalable threat—driven by AI’s ability to automate deception at scale.

Traditional Phishing vs. AI Phishing

A traditional phishing attack typically starts with a deceptive message, often an email or SMS, that appears to come from a trusted source, such as a bank or a government agency like the U.S. Postal Service.

These messages are designed to create a sense of urgency, pressuring recipients to act quickly without verifying the sender’s authenticity. A phishing attack’s payload is then usually hidden in a link or attachment.

  • Clicking the link may redirect the user to a counterfeit website
  • Downloading the attachment might install malicious software on the device

These tactics are intended to harvest sensitive data like login credentials or financial information. Once obtained, this information can be exploited for identity theft, financial scams, or unauthorized access.

An AI-driven phishing attack uses artificial intelligence to craft more convincing and tailored phishing messages.

These phishing messages may include familiar details, such as references to recent purchases, interests, or online interactions, making them appear more credible and harder to ignore. This personalization significantly boosts the chances of the recipient falling for the scam.

Plus, AI tools can rapidly create authentic-looking replicas of legitimate websites.

Real-World Examples of AI Phishing

Since AI tools can span such wide use cases within individual phishing attacks, it’s useful to pinpoint some real-world examples.

One of the more public tools is the free WormGPT. Based on the publicly-available OpenAI LLM, it removes all content creation safeguards that are packaged in its legitimate counterparts. Other publicly-hosted tools include FraudGPT, accessible on the dark web.

These LLMs are happy to generate any user requests, including the creation of phishing emails and web code to spoof specific websites. Some of the attacks being generated by these adversarial AIs include:

Deepfake Video Calls

With video conferencing now a standard mode of communication, attackers are able to leverage it against legitimate colleagues.

In early 2024, a finance employee in Arup’s Hong Kong office received a message, seemingly from the company’s UK-based CFO, requesting a confidential transaction. To alleviate any doubts, the employee was invited to a video conference where they interacted with what appeared to be the CFO and other senior staff members.

Unbeknownst to the employee, these individuals were AI-generated deepfakes.

This level of detail made the fraudulent video call convincingly authentic: as a result, the employee was duped into making multiple financial transfers totaling $25 million.

AI-Powered Voice Scams

Phone scams have grown far more convincing with the advent of AI voice cloning. Instead of crude impersonations, AI can generate near-perfect replicas of trusted voices.

In one of the first public attacks of its type, a UK-based energy firm was defrauded of $243,000 when attackers used AI-generated audio to mimic the voice of the company’s German CEO. The fraudsters convinced the UK CEO to transfer funds to a Hungarian supplier, with the voice replication so convincing that it included the CEO’s slight German accent and speech patterns.

The funds were subsequently moved through accounts in Hungary and Mexico before disappearing.

Polymorphic Email Attacks

Polymorphic phishing is an advanced form of phishing campaign that randomizes select components of emails – this could include their:

  • Content
  • Subject lines
  • Senders’ display names

The results are emails that individually evolve during an attack, with each message varying in small, strategic ways.

These polymorphic variants are designed to appear more personalized and are far harder to detect, significantly increasing the likelihood of successful compromise.

Stay Ahead of AI Phishing with Check Point Workspace Security

Adversarial AI methods are undermining pre-existing phishing prevention strategies.

By analyzing how these systems detect phishing attempts, attackers can make subtle modifications to their messages to avoid triggering alerts. As a result, relying solely on keyword or sender reputation is no longer sufficient for effective phishing detection.

In the same way that LLMs ingest vast swathes of language data, Check Point Workspace Security is trained off each end user’s historical email conversations and message history. This view is developed into the trust level between sender and receiver, allowing for the intent of each message to be measured against their underlying trust.

Alongside maintaining secure communication channels, Check Point Email Security is able to identify and block phishing sites in real time.

  • When a user browses a website, Check Point’s zero-phishing engine analyzes each webpage for spoofs or malicious credential theft.
  • If deemed malicious, the user is prevented from entering credentials.

Explore Check Point Workspace Security with a demo and start leveraging next-gen AI phishing protection

Loslegen

Anti Phishing

Workspace Security Email

Email Security Demo

Verwandte Themen

Spoofing vs Phishing

Klon-Phishing

Quishing

Spear Phishing