Why AI Phishing Gets Four Times More Clicks

AI-generated phishing gets clicked more than four times as often as the human-written kind. Not because people got careless. Because the emails got personal. The scam now knows things only a colleague should know.

He received a message, supposedly from the company’s UK-based chief financial officer, asking him to handle a confidential transaction. Something felt off. He suspected a phishing email, which is precisely the instinct two decades of security awareness training is meant to produce. He did not act on it. He asked to confirm.

So the attackers put him on a video call.

On the call was the CFO. So were several other colleagues he recognised, their faces and voices exactly as he knew them. They discussed the transaction, corroborated the request in real time, and answered his questions. Reassured by the people he could see and hear, the worker set aside his earlier suspicion and started executing. He made fifteen transfers totalling around 25 million dollars before he called head office and discovered the truth. Nobody on that call had been real. Every face, every voice, was an AI deepfake built from publicly available footage of Arup executives.

His instinct was correct. The technology overrode it. That is the whole story of phishing in 2026, and it is why the email in your inbox right now deserves more suspicion than you are probably giving it.

The Email You Picture Is a Relic

You know the one. Misspelled words. A prince with a fortune to share. A generic “Dear Customer.” Broken grammar that screamed fake from the first line. For twenty years we trained people to spot exactly that, and the training worked, because the scams were lazy and the tells were obvious.

That email is gone. What replaced it knows your manager’s name. It references the project you shipped last week. It matches your company’s tone. It arrives at 4pm on a Thursday when you are tired and clearing your inbox, and it asks you to do something small and reasonable. Nothing about it looks wrong, so you do it.

It is not a Nigerian prince anymore. It is a message that appears to come from someone you trust, about something you are actually working on, written more cleanly than most of your real colleagues write.

Four Times the Click Rate

Here is the number that should reset how you think about this.

AI-generated phishing emails achieve click-through rates more than four times higher than human-written ones. One analysis put it starkly: a 54% click rate for AI-crafted lures against 12% for the traditional kind. The same underlying scam, the same goal of stealing your credentials or your money, working several times as often.

This did not happen because people got more gullible. The opposite is true. Years of awareness training made the average employee better at spotting the old scams than ever before. The click rate went up anyway, because the email got better faster than the human got sharper.

The reason is personalisation at scale. Writing one convincing, tailored phishing email used to take a human attacker real time. They had to research the target, learn the company, mimic the tone, get the details right. That effort did not scale, so most phishing was generic, and generic was catchable. AI removed the effort. Now an attacker can generate ten thousand individually personalised emails, each one researched from the target’s public data, each one grammatically flawless, each one tuned to the specific person receiving it. Personalisation used to be expensive. Now it is free. By one recent measure, more than four in five phishing emails now contain some form of AI-generated content.

How It Knows What It Knows

The unsettling part is how little the attacker needs and how public it all is.

Your LinkedIn tells them where you work, what you do, who your colleagues are, and what you have been working on. Your company’s website lists your executives and their titles. A press release names your latest project. Your own posts reveal your writing style and your professional concerns. And a data breach from years ago, sitting in a dump somewhere, supplies your email and maybe an old password. One study found that more than 80% of phishing victims had their email address exposed in a prior breach.

An AI system can ingest all of that in seconds and assemble it into something that reads like it came from inside your organisation. The email from “your CFO” uses the CFO’s actual name and references a real initiative. The message from “IT support” mentions the actual software your company uses. The note from a “colleague” refers to a meeting that really happened, because someone posted about it publicly.

None of this requires the attacker to breach anything. The raw material is the digital exhaust we all produce just by existing professionally online. In the Arup case, the deepfaked executives were built from ordinary footage, the kind of video anyone can pull from a conference recording, a webinar, or a company channel. The AI’s contribution is assembling it into a weapon faster and cheaper than any human team could.

Why “I Would Never Fall For This” Is the Problem

The most dangerous person in any organisation is the one certain they cannot be fooled.

That certainty was reasonable when the scams were obvious. If every phishing email has broken grammar and a generic greeting, then “I check for those things” is a real defence. But the certainty did not update when the scams did. The person who still believes they can spot a phish by the spelling is defending against a threat that no longer has spelling mistakes.

I want to be direct, because I work in software and I am not exempt from this either. The new phishing does not fail the tests we were taught to run. The grammar is perfect. The sender looks right. The request is plausible. The context is accurate. By every heuristic the old training gave us, it passes. Which means the heuristic is the vulnerability. If your entire defence is “it looks legitimate,” you have no defence, because looking legitimate is precisely what the technology now does perfectly.

The Arup employee was not careless. He was suspicious, he tried to verify, and he was defeated by a verification method, seeing and hearing his colleagues, that used to be the gold standard. For most of working history, “I spoke to them” was proof. That assumption is expiring, and not in some distant future. It expired in a finance office in Hong Kong, on a video call that looked completely normal.

What Actually Works Now

The defence has to shift from spotting fakes to verifying requests. You can no longer authenticate the message. You have to authenticate the ask.

Verify through a second, independent channel. If a request involves moving money, changing payment details, sharing credentials, or anything with real consequences, confirm it through a different channel than the one it arrived on, using contact details you already have. The email says it is from your CFO? Call the CFO on their known number. Message them on the internal tool. The attacker controls the channel the request came through. They do not control the one you independently choose. Note that this is exactly the step that would have stopped the Arup loss: a single phone call to head office, made before the transfers rather than after.

Treat urgency as a warning, not an instruction. Almost every one of these attacks manufactures time pressure. “Before end of day.” “The client is waiting.” “I am going into a meeting, just handle it.” Urgency is engineered to stop you from verifying. When a request combines pressure with consequence, slow down precisely because it does not want you to.

Be suspicious of anything that breaks normal process. The CEO does not really email a junior employee directly asking for gift cards. Real payment changes go through real channels. When a message asks you to bypass the usual process “just this once” because of some special circumstance, the special circumstance is the scam.

Assume your public information is the attacker’s toolkit. You cannot un-publish your professional life, and you should not have to. But knowing that your LinkedIn, your company bio, and your old breached passwords are all feeding these attacks changes how you read a message that references them. The fact that an email knows real things about you is no longer evidence it is real. It is only evidence that the attacker did their homework, which now takes seconds.

The Shift We Have Not Made Yet

For two decades, security training taught us to look at a message and judge whether it seemed legitimate. That entire model assumed legitimacy was visible, that fakes had tells, that a careful eye could separate real from fraudulent.

AI broke the assumption underneath all of it. The fake no longer looks fake. It looks better than real, because it was optimised to.

The mental shift this demands is uncomfortable, because it means giving up the quiet confidence most of us carried that we, personally, were too sharp to be caught. We were not that sharp. We were facing lazy attackers. Now the attackers are automated, and the only durable defence is to stop trusting what we see and start verifying what we are asked to do.

The email knows your name. It knows your boss. It knows your last project. None of that means it is real anymore. It just means the homework got cheap.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *