The Fraud Codex

Codex/AI-Powered Scams/AI-Enhanced Phishing
🤖

AI-Powered Scams

AI-Enhanced Phishing

High Risk

Highly personalized phishing emails written by AI that are more convincing and harder to detect than traditional phishing attempts.

Reported Losses

Part of $3 billion in business email compromise (2024)

Primary Targets

Employees, executives, anyone with email

Last Updated

2026-01-06

Also Known As

Spear Phishing

How Scammers Contact You

EmailLinkedIn messagesText messages

How This Scam Works

AI makes phishing emails dramatically more convincing by eliminating the telltale signs of traditional scams.

**Old phishing:** "Dear Customer, Your account have been suspended. Click link to verify."

**AI phishing:** Perfectly written, personalized email referencing your real job title, recent company news, and mimicking your CEO's writing style.

**How AI improves phishing:** 1. Perfect grammar and spelling (no obvious errors) 2. Personalization using scraped data from LinkedIn, social media 3. Mimics writing style of known contacts 4. Creates sense of legitimacy with accurate details 5. Automated at scale — thousands of unique, personalized emails

Red Flags to Watch For

  • ⚠️Unexpected request for urgent action
  • ⚠️Request to change payment details or wire money
  • ⚠️Pressure to bypass normal procedures
  • ⚠️Email asks for login credentials
  • ⚠️Links that don't match the displayed text
  • ⚠️Sender address slightly different from official domain
  • ⚠️Request comes at unusual time or seems slightly out of character

📝 Real Victim Account

"I received an email that looked exactly like it was from my CEO, referencing a board meeting that had actually happened. It asked me to wire $47,000 to a new vendor as an urgent payment. The writing style was perfect. I sent the money before realizing his email had been spoofed."

FBI Business Email Compromise Report

How to Protect Yourself

  1. 1Verify unexpected requests through a different channel (call the person)
  2. 2Hover over links before clicking to see actual URL
  3. 3Be suspicious of urgent requests to bypass normal procedures
  4. 4Use email authentication (SPF, DKIM, DMARC) at company level
  5. 5Enable two-factor authentication everywhere
  6. 6Train yourself to be suspicious even of well-written emails
  7. 7When in doubt, call the sender using a known number

🆘 What to Do If You're a Victim

  1. 1If you clicked a link, change your password immediately
  2. 2If you entered credentials, enable 2FA and monitor accounts
  3. 3If you sent money, contact your bank immediately
  4. 4Report to your IT department if it's a work account
  5. 5Report phishing to Anti-Phishing Working Group: reportphishing@apwg.org
  6. 6Report to FTC at ReportFraud.ftc.gov

🔗 Related Scams

AI Voice Cloning Scam

Scammers use AI to clone the voice of a family member, then call claiming to be ...

📚 Sources & References

Think You've Encountered This Scam?

Use our AI-powered scanner to analyze suspicious URLs, emails, or messages.

Scan NowBrowse All Scams