How to spot and stop AI phishing scams

Artificial intelligence can do a lot for us. Need to draft an email? AI has you covered. Looking for a better job? AI can help with that, too. It can even boost our health and fitness. Some tools, like AI-powered exoskeletons, can lighten heavy loads and improve performance. 

But it’s not all sunshine and progress. Hackers are also turning to AI, and they’re using it to make phishing scams smarter and harder to spot. These scams are designed to trick people into handing over personal details or money. One woman recently lost $850,000 after a scammer, posing as Brad Pitt with the help of AI, convinced her to send money. Scary, right? 

The good news is that you can learn to recognize the warning signs. Before we dive into how to protect yourself, let’s break down what AI phishing scams really are.

HOW AI BROWSERS OPEN THE DOOR TO NEW SCAMS

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com newsletter.

What are AI phishing scams?

AI phishing scams are when hackers use AI to make their scams more convincing. AI helps them create super-realistic emails, messages, voices and even videos. This makes it harder for people to tell what’s real and what’s fake. Old-school phishing emails were easy to spot because of typos and bad grammar. However, thanks to AI tools like ChatGPT, hackers can now create flawless, professional-sounding emails that are much harder to detect. AI-generated phishing emails aren’t the only threat. Hackers are also using AI to pull off scams like:

• Voice clone scams: They use AI to copy the voice of someone you know, like a friend or family member, to trick you.
• Deepfake video scams: They create super-realistic videos of someone you trust, like a loved one or a celebrity, to manipulate you.

Here’s how you can spot these AI-driven scams before they fool you.

1) Spot common phishing email red flags

Though hackers can use AI tools to write grammatically perfect email copy, AI phishing emails still have some classical red flags. Here are some telltale signs that it is an AI-driven phishing email:

• Suspicious sender’s address that doesn’t match the company’s domain.
• Generic greetings like “Dear Customer” instead of your name.
• Urgent requests pressuring you to act immediately.
• Unsolicited attachments and links requiring you to take action

The biggest red flag is the sender’s email address. There is often a slight change in the spelling of the email address, or it is an entirely different domain name. For example, a hacker might use an email like xyz@PayPall.com or a personal address from Gmail.com, such as the email below, or Outlook.com while pretending to be from PayPal.

Hackers are using AI to create scams that look frighteningly real. (Kurt “CyberGuy” Knutsson)

2) Analyze the language for AI-generated patterns

It used to be easier to spot phishing emails by noticing silly typos. Thanks to AI, hackers can now craft flawless emails. But you can still sense a phishing email if you analyze the language of the email body copy carefully. The most prominent sign of AI-generated email copy is that it looks highly formal with a dash of failed attempts to be personal. You might not notice it at first, but looking at it closely is likely to give a red flag. The language of such emails is often robotic.

3) Watch for AI voice clone scam warning signs 

With AI, it is possible to clone voices. So, there is no surprise that there is a steep rise in voice phishing, which is also known as vishing. Recently, a father lost $4 billion in Bitcoin to vishing. Though AI voice cloning has improved, it’s still flawed. You can spot inconsistencies by verifying the speaker’s identity. Ask specific questions that only the real person would know. This can reveal gaps in the scammer’s script. The voice, also, at times may sound robotic due to imperfections in voice cloning technology. So the next time, whenever you receive a call that creates a sense of urgency, ask as many questions as you can to verify the identity of the person. You may also consider verifying the claims through the second channel. If the person on the other side of the phone says something, you can get it confirmed by the official email to be on the safer side.

GOOGLE AI EMAIL SUMMARIES CAN BE HACKED TO HIDE PHISHING ATTACKS

4) Identify visual glitches and oddities in video calls

Deepfake videos are getting pretty convincing, but they’re not flawless yet. They have visual inconsistencies and oddities, which can make the voice or video appear fake. So watch the video carefully and try to catch the signs of unnatural eye movements, lip-sync issues, weird lighting, shadows and voice inconsistencies. You can also use a deepfake video detection tool to spot a fake video.

5) Set up and use a shared secret

A shared secret is something only you and your loved ones know. If someone claiming to be a friend or family member contacts you, ask for the shared secret. If they can’t answer, you’ll know it’s a scam.

Hackers are turning to artificial intelligence to make phishing scams smarter and harder to spot. (miniseries/Getty Images)

How to protect yourself from AI phishing scams

AI phishing scams rely on tricking people into trusting what looks and sounds real. By staying alert and practicing safe habits, you can lower your risk. Here’s how to stay ahead of scammers:

1) Stay cautious with unsolicited messages

Never trust unexpected emails, texts or calls that ask for money, personal details or account access. Scammers use urgency to pressure you into acting fast. Slow down and double-check before clicking or responding. If something feels off, it probably is.

2) Use a data removal service

Protect your devices with a trusted data removal service to reduce the amount of personal info exposed online. Fewer exposed details make it harder for scammers to target you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.

Get a free scan to find out if your personal information is already out on the web: CyberGuy.com.

3) Check links before you click and install strong antivirus software

Hackers often hide malicious links behind convincing text. Hover your cursor over a link to see the actual URL before you click. If the address looks odd, misspelled or unrelated to the company, skip it. Clicking blindly can download malware or expose your login details. Also, install strong antivirus software on all of your devices that blocks phishing links and scans for malware. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

CLICK HERE TO GET THE FOX NEWS APP

4) Turn on two-factor authentication

Even if a scammer steals your password, two-factor authentication (2FA) can keep them locked out. Enable 2FA on your email, banking and social media accounts. Choose app-based codes or a hardware key over text messages for stronger protection.

5) Limit what you share online

The more personal details you share, the easier it is for hackers to make AI scams believable. Avoid posting sensitive information like travel plans, birthdays or financial updates on social media. Scammers piece these details together to build convincing attacks.

6) Verify requests through another channel

If you get a message asking for money or urgent action, confirm it in another way. Call the person directly using a number you know, or reach out through official company channels. Don’t rely on the same email, text or call that raised suspicion in the first place.

Kurt’s key takeaways 

AI is making scams more convincing and harder to detect, but you can stay ahead by recognizing the warning signs. You should watch out for suspicious email addresses, unnatural language, robotic voices and visual glitches in videos, and always verify information through a second channel. You should also establish a shared secret with loved ones to protect yourself from AI-driven voice and video scams.

Have you experienced any AI-driven phishing scams yet, and what do you think is the best way to spot such a scam? Let us know by writing to us at CyberGuy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.