TL;DR:
- Gone are the days of “Dear Esteemed Sir.” AI now writes phishing emails better than most humans.
- Tools like GhostGPT churn out polished, personalised scams at scale.
- Real SMEs have lost thousands because the “invoice reminder” looked perfect.
- Email filtering, domain lockdown, and awareness still beat the bots.
The Nigerian Prince has retired. His replacement? AI with Grammarly Premium.
Phishing used to be easy to spot: terrible spelling, weird formatting, laughable English. Enter AI, and now scammers send polished invoices, tailored to your industry, even referencing your real suppliers.
- Case 1: GhostGPT Goes to Work
  Criminal groups are using underground AI tools like GhostGPT to mass-produce scam emails. These emails don’t just read well; they adapt tone and industry jargon, making them almost indistinguishable from genuine correspondence.
- Case 2: SME Invoice Scam
  A UK accountancy firm fell victim to an AI-written invoice scam. The email matched the company’s tone, branding, and even the timing of its usual communications. One small mistake in double-checking led to thousands lost.
- Case 3: Stats Don’t Lie
  A 2023 study showed that 70% of phishing attempts contained AI-generated text, and recipients were twice as likely to click compared to traditional scam emails.
Why We Fall For It
AI removes the “red flags” we used to rely on: typos, poor grammar, odd phrasing. When an email looks flawless and references your supplier by name (because the AI scraped your LinkedIn), suspicion drops.
How To Stop It
- SPF/DKIM/DMARC: Fancy acronyms, but they stop email spoofing cold.
- Advanced Filtering: Modern email security catches most AI spam before it hits inboxes.
- Awareness: Training staff to check links and verify invoices is more critical than ever.
Why Outsourced IT Is the Win
Without proper IT controls, it’s a coin toss between “dodgy email gets deleted” and “dodgy email gets paid.” Our Managed Partnership locks domains down, configures the filters, and trains your team, all without you needing to understand the acronyms.
Final Thought
AI-driven phishing removes the old warning signs we used to rely on: no more dodgy grammar or comically bad spellings. Instead, invoices look professional, emails reference real suppliers, and language is tailored to your industry. That makes it almost impossible to spot every scam with human judgment alone. The good news? Phishing still gets blocked by strong IT hygiene: DNS filtering, SPF/DKIM/DMARC, advanced email filtering, and trained staff.
At TLMartin Ltd, we make sure all of those boxes are ticked, policies are written, and protections are enforced. We act as your IT department, managing the technical controls in the background while also guiding your team with strategies that keep inboxes safe.
AI may have levelled up phishing, but with the right defences in place, it doesn’t need to level up your losses.