🤖 AI-Generated Phishing Emails: How to Detect Deepfake Messages
Traditional phishing detection relied on broken English, spelling errors, and generic greetings. AI-generated phishing emails eliminate all of these red flags. A May 2026 study by the Anti-Phishing Working Group found that AI-written phishing emails bypass traditional spam filters 87% of the time, compared to 52% for human-written phishing emails.
What AI-Generated Phishing Looks Like
Attackers use LLMs like ChatGPT, Claude, and Gemini to craft emails that:
- reference recent events or internal projects (sourced from LinkedIn or corporate websites)
- mimic the writing style of the impersonated individual
- include plausible internal jargon and project names
- personalise each email with the recipient's role, department, and recent activity
- maintain consistent tone throughout the message thread
Detection Methods That Still Work
- Sender domain inspection — AI can't fake the actual sender domain. Check the SMTP envelope, not just the display name
- Contextual anomalies — does the request match the sender's normal behaviour?
- Secondary verification — verify unexpected requests through a different channel (phone call, Teams message)
- DMARC/DKIM failures — properly configured email authentication blocks most domain spoofing
Deepfake Voice (Vishing) Adds Another Layer
AI doesn't just write better phishing emails — it makes convincing phone calls. Deepfake voice clones require only 30-60 seconds of source audio, which attackers harvest from voicemail greetings, conference call recordings, or social media videos. In the most sophisticated attacks, the attacker calls the victim posing as their CEO or vendor contact, referencing legitimate context scraped from internal communications.
Building AI-Aware Defences
Organisations need to shift security training from grammar-spotting to behaviour-based verification. Enforce a "verify through a separate channel" policy for any request involving payments, credentials, or sensitive data. Deploy AI-based email security tools that analyse message metadata and sender behaviour patterns rather than just content signatures.