For two decades, security awareness training taught the same lesson: look for bad grammar, generic greetings, and clumsy urgency. That lesson is now obsolete. Large language models write flawless, natural prose in any language and any corporate tone. The misspelled phishing email is dead, and the campaigns replacing it are faster, more personal, and harder to spot than anything that came before.
The good news is that AI did not make phishing undetectable. It moved the detection points. Here is what to look for now.
What Changed
Attackers use AI across the entire campaign lifecycle. Language models draft the lures, scrape and summarize public profiles for personalization, and hold real-time conversations with targets who reply. Voice cloning tools turn a few seconds of recorded audio into a convincing phone call. Video generation puts a familiar face on a screen. Automation stitches these channels together, so a single operator can run pressure campaigns against thousands of targets that once required a full crew.
The result is that the surface of the message no longer tells you anything. Grammar, tone, and polish are all machine-perfect. Detection has to shift from how the message reads to what the message asks and how the sender behaves.
The New Tells
The ask itself
Strip away the wrapper and look at the request. Money movement, credential entry, MFA approval, gift cards, payroll changes, new bank details, or access to systems and data. AI can perfect the delivery, but it cannot change the fact that phishing must eventually ask for something valuable. Any request in these categories deserves verification, no matter how routine or well-written it looks.
Process and channel deviations
AI-driven campaigns are excellent at mimicking people and poor at mimicking your internal processes. Watch for requests that arrive through an unusual channel, skip a normal approval step, introduce a new portal or payment platform, or push you to move the conversation somewhere else, such as from email to a personal phone number or a messaging app. A vendor who suddenly changes remittance details in a beautifully written email is a bigger red flag than any typo ever was.
Personalization built entirely from public data
Modern lures reference your projects, your coworkers, your conference appearances, and your posting history. That feels like insider knowledge, but check what the message actually knows. If every personal detail could have been scraped from LinkedIn, a press release, or a podcast appearance, the familiarity proves nothing. Genuine colleagues know things that are not public.
Urgency plus secrecy
The pressure tactics survived the AI transition because they work. A request that is both urgent and confidential, such as an acquisition, a surprise for the team, or an executive who cannot be reached by phone, is the classic setup for fraud. AI just delivers it with better production values, and sometimes with a cloned voice to back it up.
Resistance to verification
This is the strongest signal left. A legitimate colleague will never object to a callback on a known number, a quick check with their manager, or a pause to confirm through official channels. An attacker must object, because verification kills the attack. Watch for any pretext that explains why normal confirmation is impossible right now. The more elaborate the reason, the more suspicious the request.
Audio and video artifacts
Cloned voices and generated video still show cracks: slight latency before responses, flat emotional range, refusal to go off script, or excuses for why the camera is low quality. Treat these as supporting evidence only. The technology improves monthly, and training people to trust their ability to spot a deepfake is training them to be fooled by the next generation of tools.
What Organizations Should Do
Retire typo-spotting from your awareness program and replace it with verification culture. Every request involving money, credentials, or access gets confirmed out-of-band on a known-good channel, with no exceptions for seniority or urgency. Put hard process controls behind the highest-risk actions: dual approval for payment changes, a mandatory callback for new bank details, and phishing-resistant MFA so that even a perfect lure cannot harvest a usable credential.
Then test it. Simulated phishing that still relies on broken English measures nothing. A realistic social engineering assessment, using the same AI-assisted personalization and multi-channel pressure real attackers use, shows you exactly where your process breaks and which teams need support.
The tells did not disappear. They moved from the message to the behavior around it. Train for that, verify relentlessly, and AI-polished prose stops mattering.
Brackish Security runs social engineering assessments that mirror how modern attackers actually operate. If you want to know how your team holds up against an AI-assisted campaign before a real one arrives, get in touch at brackish.io.
