Phishing using AI no longer looks like phishing

Traditionally, phishing has been recognizable by poor language, generic phrasing, or obvious errors. This is now changing.

With AI, attackers can now:

• write error-free text in Norwegian and other languages
• mimic the tone and writing style of colleagues and business partners
• tailor messages based on publicly available information
• generate credible responses in ongoing email conversations

This means that traditional user awareness alone is not enough to stop these attacks.

– The attacks are no longer just mass mailings. They can be targeted, contextual, and highly realistic. To the recipient, they often appear to be completely normal communication, says Frank Kirkeng, head of SOC operations at the IT security company Netsecurity.

Exploiting trust and legitimate accounts

A particular challenge is that many phishing attacks do not originate from an unknown sender.

Attackers often attempt to gain access to existing email accounts. Once an account is compromised, it can be used to:

• send phishing messages from a legitimate sender
• continue existing email threads
• extract sensitive information
• build trust over time before attempting fraud

– When the attacker operates from a genuine account, many of the traditional red flags disappear. This makes the attacks far more effective, says Kirkeng.

AI increases the speed and accuracy of attacks

AI makes it possible to automate parts of the attack without compromising quality.

Where attackers previously had to spend time writing and customizing messages manually, they can now:

• generate large volumes of targeted emails quickly
• test different phrasing and see what yields the best response
• adapt in real time based on the employee’s response

Thisincreases both the speed and accuracy of the attacks and lowers the barrier to carrying out advanced phishing campaigns.

What should businesses do now?

These developments mean that businesses must rethink their approach to security. Modern phishing attacks are so convincing that it is unrealistic to expect employees to detect them every time. Human vigilance remains critical, but it must be combined with technical measures that stop the attacks.

We at Netsecurity recommend, among other things:

1. Implement phishing-resistant authentication

Solutions like FIDO2 ensure that stolen passwords cannot be used.

2. Limit access to approved devices

Requiring managed devices reduces the risk of account misuse.

3. Monitor user behavior

Combine known attack signatures with deviations from normal activity.

4. Train on modern phishing

Effective training requires that employees be trained to recognize modern phishing threats. Traditional examples that are no longer representative are no longer sufficient.

5. Be prepared for incidents

Have procedures in place for a rapid response if an account is compromised.

Employees as part of the attack surface

In today’s AI-driven threat landscape, phishing affects the entire organization.Attackers have gained a powerful tool that makes attacks more effective than ever. For businesses, this means that security levels must be raised, both technologically and organizationally.

– The attacks have become so convincing that it is not a question of if someone will be fooled, but when. That is why the company’s ability to detect and handle anomalies is crucial. This encompasses both technical security mechanisms and organizational response, concludes Kirkeng.

Want to learn more about phishing and phishing-resistant authentication?