5 ways AI is supercharging phishing scams
Phishing scams that were once laughably easy to spot have evolved into highly convincing, AI-generated attacks that can fool even cautious users. Learn how scammers are leveraging AI, and get Norton 360 Deluxe to help block scams and protect your accounts.
Unfortunately, phishing scams are getting a serious AI upgrade. From deepfakes that mimic loved ones to look-alike sites, AI-driven phishing attacks are now smarter, faster, and eerily convincing. In fact, Gen recorded over 140,000 AI-generated phishing sites in just the first three quarters of 2025.
Let’s break down the top five ways scammers are using AI to make phishing harder to spot and what you can do to help protect yourself.
1. Hyper-personalized messages that hit close to home
Scammers use AI to help them target you and craft messages that reference real details about you, making scams far more convincing than before. Using social engineering tactics, these AI scams are often more effective than the usual general phishing attempt.
Scammers can collect your public data (social media profiles, work bios, even family names) and feed it to AI models. That lets them build messages that sound like they came from a friend, coworker, or brand you trust.
Take this Reddit user, for example: They’ve observed a surge in cases of phishing attempts to work emails and personal numbers claiming to be the CEO of their company.
This is a key way hackers use AI for phishing: they tailor each message uniquely so the scam feels personal. Because of this, what makes AI-powered phishing harder to detect is that it removes the obvious “spammy” vibe. You might see a message referencing a recent trip, a credit card you used, or names you recognize, all to lull you into clicking.
2. Perfect grammar and zero typos
AI writing tools help scammers remove some of the classic red flags, like grammar errors and odd phrasing, so phishing looks polished and legitimate. This makes identifying fake messages much harder.
For example, I recently received a phishing text impersonating a recruiter. The message had no typos or odd phrasing that would immediately raise suspicion. That air of legitimacy is exactly what makes these scams so effective.
3. Deepfake audio and video that look and sound real
Attackers use AI to clone voices or faces to impersonate someone you trust, making phishing emotionally manipulative and harder to discount. Detecting a scam like this can be tough because your brain instinctively responds, "That's someone I know."
Thanks to generative AI, scammers can create deepfake videos or voice messages that mimic your boss, partner, or parent. For example, you might get a voicemail that sounds like your sibling, asking you to transfer them money because of an emergency situation.
Or worse, you can get the scare of a lifetime, like a mother in Arizona who received a scam phone call using AI to impersonate her daughter, claiming she was kidnapped. Cybercriminals were trying to scam her for ransom money. Scary as it was, thankfully, the mom didn’t fall for it.
4. Large-scale automated attacks
Scammers blast customized phishing attempts to many different numbers or emails with the help of AI. Then, like implementing an evil marketing campaign, they refine them to find the most effective ones.
Before AI, phishing required manual effort: writing dozens of emails, sending them out, and hoping a few get opened. But now, scammers can generate many uniquely crafted messages in minutes, test which ones get clicks, and evolve their tactics on the fly.
Because each version of a message has different wording, subject line, or presentation, traditional filters may struggle. Luckily, the same tech can be used for good, too.
Take Norton Scam Protection, for example. Our AI-powered anti-scam technology can help detect phishing attempts in your inbox, even when every message is unique.
5. Dangerous links in disguise
Scammers use AI to create convincing fake sites and disguise links, making phishing pages nearly indistinguishable from real ones.
Instead of crude domains like “account-secure.xyz,” AI tools can generate authentic-looking URLs, mimic company portals, or create dynamic landing pages. Attackers hide malicious code or redirect flows so that even tech-savvy users might not notice the switch.
Of course, everything looks “just right.” This is a common tactic used in malvertising schemes, particularly during the holidays when shopping deals are popping up.
How to outsmart AI-generated phishing scams
You can outsmart AI-generated phishing scams with a good combination of safety habits and cybersecurity tools. Here’s what you can do:
- Stay skeptical: Hit the pause button. Ask yourself: Does this request actually make sense? Scammers rely on creating urgency to bypass your better judgment.
- Verify all claims: Call, text, or message the person or company directly using verified contact info — not the info provided in the suspicious message.
- Use multi-factor authentication (MFA): Even if your credentials are compromised, MFA adds a strong barrier.
- Avoid oversharing personal information: The less data attackers have, the harder it is for them to personalize scams. Take some time to perform a social media cleanup.
- Update software & email filters: Always keep your software updated and mark as spam any suspicious messages.
- Use a scam detection tool: Modern security suites like Norton 360 with Norton Scam Protection include phishing protection built to detect AI-crafted scams.
AI scams are evolving — your defense should too
As AI-driven phishing continues to evolve, so should your defenses. Norton 360 Deluxe includes features like Norton Scam Protection, which uses AI to detect phishing messages and block malicious links before they reach your inbox.
Don't wait for scammers to get smarter. Stay informed, stay vigilant, and stay protected.
FAQs
What makes AI-powered phishing harder to detect?
AI-powered phishing is hard to detect because it removes the telltale signs of traditional scams like bad grammar, strange email addresses, or inconsistent tone. Instead, these messages feature human-like fluency and personalization that can easily slip past your defenses.
How can I tell if a message is AI-generated?
You can tell a message is AI-generated when it’s riddled with emotional pressure, unexpected requests, or inconsistencies in tone. Use tools like Norton Scam Protection to scan messages if you’re unsure.
Can AI-driven phishing fool security tools like spam filters?
Yes, many AI-generated emails can slip past traditional spam filters because they appear unique and natural. That’s why advanced security solutions are essential.
What should I do if I fall for an AI-powered phishing attack?
If you fell for an AI-powered phishing attack, change your passwords immediately, enable MFA, and run a malware scan to help detect threats.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.
Want more?
Follow us for all the latest news, tips, and updates.