Supercharged AI phishing campaigns are ridiculously difficult to spot. Between better spelling, grammar, and structure, scammers are using AI to make phishing scams appear more legitimate than ever. Thankfully, you can learn how to spot AI phishing campaigns and make sure you don’t become a victim.

1. Analyze the Language of the Email Carefully

In the past, one quick skim was enough to recognize that something was off with an email, with incorrect grammar and laughable typos typically being the giveaways. Since scammers now use generative AI language models, most phishing messages have flawless grammar.

Not all is lost, though. While ChatGPT and similar models are getting close to being indistinguishable from natural human language, it’s relatively easy to detect AI-generated text. The flow of sentences is unnatural—one might say the biggest clue is that everything is too perfect.

Screenshot of Google Gemini depicting an example of an obvious phishing email

Here’s an example. I used Google’s Gemini to create an “email” from a supposed customer support rep warning users of a data breach. No phishing email is complete without a random external link, so I also asked AI to include a prompt inviting users to urgently change their password by clicking on a link. Behold, my AI-generated phishing email:

It looks legit at first, but there are a few red flags. For example, the phrase “Dear Valued Customer” is the model’s attempt to sound more personable and get you to ignore that a legitimate service will know your personal info. Needless to say, it’s a failed attempt.

My biggest problem is that the tone is too formal, with tiny dashes of fake humanity introduced to convince you it’s an actual human rep writing the email. Also, remember what we mentioned about the language seeming unnatural? The sentence “This incident may have compromised the security of some accounts, including potentially yours,” sticks out like a sore thumb.

While not exactly “Nigerian Prince” level of notoriety, if you carefully read through unsolicited emails, you’ll soon spot the tell-tale signs.

2. Look Out for Common Phishing Email Red Flags

Though AI tools have made phishing scams harder to spot, they retain some classic traits. As such, the usual tips for spotting phishing emails apply.

Scammers often impersonate businesses and are banking on you not noticing. For example, instead of an official “info@members.netflix.com” email address, you may see something like “info@members.netflix-support.com.” You may also receive unsolicited links or attachments, which are generally a huge tip-off. Mismatched URLs containing barely noticeable misspellings or extra words are more difficult to spot but a huge clue you’re not on a legitimate site or responding to a real business.
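The two checks described above, sender domain and link destination, can be automated. The following is an added example, not part of the original article: the `TRUSTED` map, the function names, and the sample HTML are assumptions made for illustration, and the last-two-labels domain logic is a simplification that real code would replace with the Public Suffix List.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: brands the mailbox owner deals with and their real domains.
TRUSTED = {"netflix": "netflix.com"}

# Constructed sample: visible text names the real site, href goes elsewhere.
SAMPLE_HTML = ('<p>Reset at <a href="https://login.netflix-support.com/reset">'
               'www.netflix.com</a></p>')

def registrable(host):
    """Naive last-two-labels domain (use the Public Suffix List in practice)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(host):
    """Classify a host name as 'trusted', 'lookalike' or 'unknown'."""
    dom = registrable(host)
    if dom in TRUSTED.values():
        return "trusted"
    label = dom.split(".")[0]
    for brand in TRUSTED:
        # Brand embedded among extra words, or a near-miss spelling of it.
        if brand in label or edit_distance(label, brand) <= 2:
            return "lookalike"
    return "unknown"

def check_sender(from_header):
    """Classify the domain of the address in a From: header."""
    return check_domain(parseaddr(from_header)[1].rpartition("@")[2])

def mismatched_links(html):
    """List (shown, actual) pairs where link text and href domains differ."""
    found = []
    pattern = r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>'
    for href, text in re.findall(pattern, html, re.I | re.S):
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        target = urlsplit(href).hostname or ""
        if shown and registrable(shown.group(0)) != registrable(target):
            found.append((shown.group(0), target))
    return found
```

A "lookalike" result is a reason to verify through a channel you already trust, not proof of fraud; short brand names will produce false positives at an edit distance of 2.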

My biggest advice goes beyond technical details. Simply ask yourself: why would a legitimate company actually send me this type of email and try to get me to act so quickly? Why would my bank ask me to download software or urge me to click on a weird link? Why would my bank refer to me as a “Dear Valued Customer” even though they already know my information?

3. Don’t Fall For Deepfake Video Scams

Give humans anything, and they’ll discover a way to use it to scam others (this is why we can’t have nice things). AI deepfake video scams are also becoming difficult to discern.

Scammers create authentic-looking clips using photo and video inputs and use FaceTime or Zoom calls to persuade potential victims (elders being a prime target) to hand over sensitive information.

Although it’s easy to assume only older folks will fall for this, these AI deepfakes are so sophisticated that even serious professionals fall for them. Such was the case in Hong Kong, where, according to The Guardian, scammers deepfaked a company CFO and stole HK$200 million (around $25 million).

To avoid falling for this, always attempt to check if the source of the communication is valid. Because we’re talking about phishing, even if they’re using advanced AI tech, a scammer will try to create urgency to get you to act before you have time to think things through. If the request sounds unrealistic, it most likely is.

Identifying a deepfake video is not easy. Still, despite the sophistication involved, the final result may have tiny issues, such as unnatural jerky movements and lighting, which you can notice if you watch the video a few times. Sometimes, the lip-syncing may glitch and fall out of rhythm, which will seem jarring. Watch for issues around the mouth in particular, as the deepfake may struggle to match the script it’s working from.

4. How to Spot AI Voice Scams

Voice phishing, aptly named vishing, is also taking on a dystopian spin as it’s now possible to clone voices using deep learning algorithms. The results are eerily accurate. These scams are on the rise, and cybercriminals often pretend to be a loved one asking for quick cash.

That said, discerning if you’re dealing with a phishing attempt or emergency is relatively straightforward. Whenever you receive such communication, and someone is trying to get you to do something immediately, take a deep breath and first verify the individual’s identity. Since you’re communicating with the other person in real-time, try to spot any discrepancies in their story. You may notice tiny inconsistencies in their script.

It’s also worth mentioning that voice cloning technology is imperfect, and some issues may give it away. Digital audio speech may, at times, sound slightly robotic (a bit like autotune). Any uncanny pauses or weird speech patterns indicate something is off with the call. AI is advancing rapidly, and it’s frightening to think about how human-like it will be in the future. You can circumvent AI phishing attempts if you stay vigilant, at least for now.