Most people think of AI as a tool for generating content. While it does that too, many people do not realize that AI is also becoming very good at imitating people.

When it’s fed enough examples, AI can learn how someone writes, including their tone, common phrases, formatting habits, and even the way they structure their emails.

That may sound harmless to you at first. After all, many people (including your coworkers) already use AI to help maintain a consistent writing style or draft their communications faster.

Unfortunately, there is another side to this technology that deserves attention: Attackers can use the same technology to imitate coworkers, managers, vendors, and even executives with alarming accuracy. Would you know the difference between your best friend and a good digital mimicry?

Why The Old Phishing Red Flags Are No Longer Visible

For years, employees were taught to identify phishing emails by looking for obvious warning signs like spelling mistakes, awkward grammar, or generic greetings that don’t identify you by name.

Some phishing messages do still show these signs sometimes, but AI has quickly made them a lot less reliable.

For example, attackers no longer need strong writing skills to create convincing messages. AI can generate professional, natural-sounding communication within seconds. In some cases, it can even imitate the communication style of a real person by scraping previous, public communications that they made!

All of that makes the old assumption that “bad writing equals phishing” increasingly outdated.

How Attackers Learn Your Writing Style

Most organizations share far more information online than they realize.

All of your company websites, social media profiles, LinkedIn posts, blogs, and other content is public online. In some cases, previous breaches have leaked confidential messages that threat actors can copy more closely. Essentially, AI analyzes all of those examples and then generates scam messages that closely resemble the way real professional connections communicate.

For example, if a manager typically writes short, casual emails with a direct tone, AI can imitate that style surprisingly well. It generates a phishing message that feels genuine and familiar instead of suspicious.

Why This Makes Social Engineering More Dangerous

People naturally trust communication that feels normal. If an email sounds exactly like your manager or coworker, then you’re much more likely to respond without questioning the request.

An attacker might send a simple message like:

“Hey, I need you to review this document before the meeting. Let me know once you’ve opened it.”

Without spelling errors, strange wording, or any other obvious red flags, that seems like a completely normal work request.

That’s what makes AI-assisted phishing so dangerous!

How Phishing Gets in Besides Email

AI can also help attackers create convincing text messages, chat conversations, support requests, and internal announcements. 82.6% of phishing messages were at least partly designed by AI last year.

That’s why you can no longer recognize a phishing attack based solely on how a message looks or sounds. As these tools continue improving, fake communication will become even harder to distinguish!

If something feels unusual, take a moment to pause and assess the situation more closely.

What You Should Focus On Instead

Instead of asking, “Does this look fake?”, you should start asking:

  • Is this request unusual?
  • Does it follow normal company procedures?
  • Is someone asking me to rush or bypass a process?

Even if the message looks legitimate, the request itself may still be suspicious! You should take special care when the request involves sensitive files, financial transactions, login approvals, passwords or gift cards.

Make a quick phone call, send a separate email, or directly message the person through an approved platform. Taking five extra seconds helps confirm whether a request is real before you take any hasty actions.

AI Is Changing the Threat Landscape

Artificial intelligence makes communication faster and more convincing for everyone…including attackers. That means that good security awareness includes more than looking out for obvious scams or poorly-written phishing emails.

Now, phishing attacks may look completely professional, sound familiar and even resemble the real communications of somebody you know. In many cases, that’s because the attacker no longer has to write the message themselves. Instead, AI does the hard work for them.

Whenever AI advances, people can use it to better protect their data — but hackers can also use it to try to steal your information, too.