Skip to main content


Beware! AI is Powering More Effective Phishing Attacks

Back to Blog

Artificial intelligence is all over the news lately as it’s a powerful tool that can make people more productive. It can be fun to use as well… but not everyone is using it for fun or business productivity. Cybercriminals have noticed its potential too, and they’re using it to level up their phishing attacks. (Remember, phishing is an attempt to trick individuals into giving away sensitive information, often via email.)

Up to now, one way to spot a lot of emailed phishing attacks was to look at the way the email was written. Often there would be grammatical or spelling mistakes. While not all phishing emails contain them, when they are present these mistakes typically make phishing attempts easy to spot. Often this happens because of a language barrier; the cybercriminal on the other end isn’t a native speaker of the target’s language.

Now, with commercially available and even free AI models, this language barrier is being broken down. Cybercriminals can now target anyone, anywhere, in any language, without immediately giving themselves away. This not only means that phishing emails are becoming more convincing, but also more numerous. AI makes it almost effortless for a cybercriminal to target exponentially more people than before, and in different languages all over the world.

Here’s the good news: the skills needed to stay safe in this new world of AI phishing are the same as they were before. No matter how real an email may seem, question what it’s asking you to do. Are they trying to get you to open an attachment? Will the link you’ve been asked to click take you to a website you know and trust? Why are they sending an email for a supposedly "urgent" matter that you must deal with right away? Is the email telling you that you owe money or purchased a service that you never did?

If you’re ever even slightly unsure, consider deleting the email as you would with any other spam. If it is legitimate, they will contact you another way. Another option is to try to verify the sender and their request before complying. Just be sure to do so using a trusted form of contact; don’t reply straight to the potentially dangerous email or trust that the phone number included within it.

Find an official website using a search engine and verify the request through another form of communication. For example, if you ever get a communication by email, voice or text that claims to come from CCU, you can always call us at the number found on the Contact Us page at our website to verify it. 

Stay safe out there!