/pcq/media/agency_attachments/2025/02/06/2025-02-06t100846387z-pcquest-new-logo-png.png){kind=logo}
/pcq/media/member_avatars/2024-08-28t070132803z-img_7046.jpg )
Follow Us/pcq/media/media_files/2025/06/04/ae7DRsD3X9gmA7kDEr5D.png)
From fake CEOs to smarter malware, criminals are blending AI tools with old scams to devastating new effect
Phishing meets AI and the results are scary good
Phishing is a centuries-old problem that’s getting an upgrade, and it’s a whole new ball game for defenders. A new hybrid form of attack is emerging that’s tied to AI and familiar fraud vectors; staying ahead will require more sophistication, speed, and ultimately harder-to-pivot attacks.
In fact, we are seeing some new bad actors, CyberLock, Lucky_Gh0$t, and Numero, who are integrating and using AI not just to create more complex attacks but also using AI to create attacks that look like traps that look painfully realistic. They’re not just replacing scripts or manual operation; since AI is on everyone’s lips, they are embracing and using AI to automate bad content and impersonate trusted sources/mining sites, with a level of sophistication that’s almost impossible to detect.
Steve Wilson, Chief AI and Product Officer at Exabeam, said, “There are huge benefits for security teams with AI, but we can’t be naive in an ever-changing threat landscape.”
Old scams, new skin
Wilson explained how traditional phishing scams — those annoying emails saying you’ve won a lottery or your bank account needs “urgent” attention — are being rebranded. AI can generate perfect emails in seconds, fake websites that look like real brands, and even voice messages using deepfake technology.
“The sheer excitement and constant emergence of new AI tools means users are getting more comfortable trying services from unknown vendors,” said Wilson. “That blurs the line between legitimate innovation and criminal intent.”
He pointed out how attackers are now able to impersonate big companies with scary accuracy, making it harder for victims to tell the difference between real and fake interactions. The bottom line: trust is becoming a vulnerability.
/pcq/media/media_files/2025/06/04/phishing-587403.jpg "publive-image")
Malware that thinks
On the malware side, AI is helping attackers write adaptive code programs that change their behavior based on the system they land on. These aren’t static files that can be caught by traditional antivirus software. They morph. They learn. And they stay one step ahead.
Some AI-generated malware can detect when it’s being run in a sandbox (a safe test environment) and shut itself down to avoid detection. Others can scan systems for known vulnerabilities and launch targeted attacks, all without human intervention.
And because these tools are now available via phishing-as-a-service (PhaaS) kits sold on dark web forums, even less skilled hackers can get their hands on AI-driven attack capabilities.
Defense in a bind
Mike Mitchell, National Cyber Security Consultant at AltTab, said this surge in AI-powered attacks is creating a race between offense and defense.
“AI is changing the world of cybersecurity; it’s an ally and a threat,” Mitchell said. “On one side, defense teams use AI to detect threats faster and automate responses. But on the other side, attackers use the same tech to scale and sophisticate their attacks.”
He said with intelligent agents on both sides, ethical deployment and human oversight are more important than ever. “The future of cybersecurity is tied to the future of AI,” he said. “To survive it, we must adapt fast.”
/pcq/media/media_files/2025/06/04/phishing-goes-pro-as-cybercriminals-turn-to-ai-for-next-gen-attacks-785635.jpg "publive-image")
Vigilance is the new firewall
Organizations must recognize and stop underestimating the realities of today’s evolving threat landscape. A single click on a malicious link can no longer be viewed in isolation. Every new AI tool introduced into the environment should be treated as a potential Trojan horse, demanding careful scrutiny and proactive risk management.
Security leaders recommend
• Train users to think critically about every application and service.
• Use AI-driven defense tools that don’t just rely on known signatures but can sense unusual behavior.
• Run phishing simulation tests to raise employee awareness.
• Verify vendors before giving them access to the network or sensitive info.
"Users should always take new AI services with a grain of salt and be more self-aware of their actions," Wilson said. "Verify before you engage."
The AI arms race won’t slow down
The cybersecurity community is preparing for turbulence, and we won’t be going back to normal anytime soon. With every new AI discovery, criminals will find a way to monetize it. But it can also be used for defense and even risk mitigation if used proactively.
As both attackers and defenders prepare for the long-term AI arms race, we only have to remember that the battlefield has shifted from servers to minds. In an age of AI-driven threats, your best defense may just be your brain engaged and alert behind the screen.
More For You
Phishing in Online Gaming: Risks, Prevention & Solutions
Top 3 Must-Watch Films & Series to Learn Real-World Cybersecurity Tactics
AI-Powered Gaming: Smarter Worlds, Stronger Security, and Next-Level Play
Steam Game Downloads Used to Target Users with Malware