Phishing attacks with Artificial Intelligence. A growing threat

By Eduard Bardají on Jun 17, 2025 12:35:06 PM

AI-Powered Phishing Attacks

In recent years, phishing has undergone a significant transformation due to the integration of artificial intelligence (AI) into cybercriminals' tactics. This evolution has led to more sophisticated and harder-to-detect attacks, increasing their prevalence and effectiveness.

Nueva llamada a la acción

Evolution of Phishing with the incorporation of AI

Phishing, traditionally characterized by generic and easily identifiable emails, has taken on new forms with the help of AI. Cybercriminals now use advanced language models to generate highly personalized messages based on specific data from victims, increasing the success rate of their scams. Moreover, AI allows for the creation of fake voices and videos, facilitating "vishing" (voice phishing) and "deepfake" attacks that can deceive even the most cautious users.

Increase in phishing attacks driven by AI

Recent statistics indicate an alarming rise in phishing attacks powered by AI. According to a report by Zscaler ThreatLabz, phishing attacks increased by 47.2% in 2023, with a notable uptick in tactics that employ AI to create more convincing messages. Additionally, it is estimated that by 2025, approximately 1.31 million complaints related to AI-driven cyberattacks will be recorded, with potential losses reaching $18.6 billion.

Examples of phishing attacks that can be launched with AI

  • Personalized banking scams: Cybercriminals send SMS messages posing as well-known banking entities, notifying about account issues and requesting personal information. These AI-generated messages are highly convincing and have led many users to provide sensitive information.

  • Phone identity spoofing: Using advanced AI techniques, fraudsters can replicate the voice of known individuals or company representatives, making calls to request money transfers or confidential information. This method has increased the effectiveness of phone scams.

    eBook - Most Dangerous Cyber Attacks

Real cases: Companies that have suffered AI-designed phishing attacks

  • Identity spoofing in a public services company
    In 2025, the water company in Seville, Emasesa, was targeted by identity spoofing attempts via fake emails. Cybercriminals used AI to create messages that imitated official communications from the company, deceiving users into providing sensitive information or making fraudulent payments.

  • Phishing attacks on Gmail users
    In January 2025, scams targeting Gmail users were reported, where cybercriminals used AI to generate highly realistic phone calls. Posing as Google support agents, they convinced victims to provide account recovery codes, thereby gaining unauthorized access to their profiles.

  • Colonial Pipeline attack
    In May 2021, the US company Colonial Pipeline suffered a cyberattack by the DarkSide ransomware group. Cybercriminals combined traditional hacking tools with AI techniques to infiltrate the company’s IT system and encrypt its data, demanding a Bitcoin ransom in exchange for the decryption key.

How to detect and avoid AI-driven phishing

To protect yourself from these sophisticated attacks, it’s essential to adopt the following measures:

  • Direct verification: Before providing sensitive information or making transfers, confirm the authenticity of the request by contacting the entity or person directly through official channels.

  • Critical analysis of messages: Be cautious of messages that create a sense of urgency or alarm. Carefully check the sender’s email address and included links, looking for discrepancies or anomalies.

  • Training and awareness: Staying up to date and informed about the latest phishing tactics is important to avoid falling for scams. For companies, offering cybersecurity training to employees can help prevent falling into these types of scams and tricks that can jeopardize the company’s IT infrastructure.

  • Use of security tools: Install and keep up-to-date antivirus software and spam filters that can detect and block phishing attempts.

  • Multi-factor authentication (2FA): Implement two-factor authentication (2FA) on all possible accounts to add an additional layer of security and make unauthorized access more difficult.

AI has transformed the phishing landscape, making attacks more convincing and harder to detect. However, with a combination of caution, education, and proper security tools, it is possible to protect yourself effectively from these ever-evolving threats.

Additionally, we recommend conducting periodic audits of your system to assess its security level and identify security gaps or vulnerabilities that may become the entry point for a cyberattack.

Nueva llamada a la acción
Previous story
← Cybersecurity audits in the Biotech sector: Protect your innovation with ESED Attack
Next story
Cybersecurity in the food industry →
Utilizing Artificial Intelligence to prevent cyberattacks
Artificial Intelligence to prevent cyberattacks
Cybersecurity

Utilizing Artificial Intelligence to prevent cyberattacks

Sep 18, 2023 10:11:00 AM 4 min read
Petam.io 2.0 arrives with AI to democratize cybersecurity
Petam.io 2.0 arrives with Artificial Intelligence
ESED News

Petam.io 2.0 arrives with AI to democratize cybersecurity

Nov 12, 2024 12:30:22 PM 2 min read
Artificial intelligence and cybersecurity in the Biotech industry: The new frontier of digital protection
artificial-intelligence-and-cybersecurity-in-the-biotech-industry
Cybersecurity

Artificial intelligence and cybersecurity in the Biotech industry: The new frontier of digital protection

Jun 17, 2025 11:08:55 AM 4 min read

Subscribe to our newsletter and stay updated on the latest in technology and cybersecurity.
accio-10-negre (1)
pyme_innovadora_meic-SP_web
kit consulting cabecera