Phishing
A social engineering attack using fraudulent messages to trick recipients into revealing credentials, installing malware, or transferring funds.
Definition
Phishing is a social engineering attack in which an adversary sends fraudulent messages — most commonly email — designed to deceive recipients into revealing sensitive credentials, installing malware, or authorising financial transactions. Phishing campaigns rely on impersonation of trusted entities such as banks, employers, or government agencies. AI has significantly enhanced phishing by enabling the automated generation of grammatically fluent, contextually personalised messages at scale, making attacks more difficult to distinguish from legitimate communications. Variants include spear phishing (targeted at specific individuals), whaling (targeting executives), and business email compromise.
How It Relates to AI Threats
Phishing intersects with AI threats primarily within Security & Cyber, where large language models enable attackers to generate highly convincing messages that bypass traditional detection heuristics such as grammatical errors or generic phrasing. Within Information Integrity, AI-enhanced phishing contributes to deepfake identity hijacking when combined with synthetic voice or video elements. AI also enables automated reconnaissance, allowing attackers to personalise phishing messages using scraped social media data and publicly available information about targets.
Why It Occurs
- Large language models can generate fluent, contextually appropriate phishing messages in any language
- AI enables personalisation at scale, tailoring messages to individual targets using publicly available data
- Traditional email filters rely on pattern matching that AI-generated messages can evade
- The cost of producing high-quality phishing campaigns has decreased substantially
- Human cognitive biases — urgency, authority, and social proof — remain effective regardless of technological sophistication
Real-World Context
AI-enhanced phishing has been documented in multiple threat reports, including campaigns using large language models to generate personalised lures (INC-23-0006). Security researchers have demonstrated that LLM-generated phishing emails achieve higher click-through rates than human-authored equivalents in controlled studies. The FBI’s Internet Crime Complaint Center has reported year-over-year increases in phishing-related losses, with business email compromise alone accounting for billions in annual damages. AI-enhanced phishing represents a convergence of social engineering and generative AI that compounds existing cyber threat patterns.
Last updated: 2026-02-14