The phone call lasted four minutes. The voice on the other end was calm, authoritative, and unmistakably familiar, a near-perfect replica of the CEO's Western Australian accent. The caller asked a financial executive to approve an urgent transaction. The executive was suspicious, not because anything sounded wrong, but because the request felt slightly off. So, he asked a question only the real CEO would know how to answer. The caller couldn't. The fraud attempt failed. This was not a scene from a science fiction film. It was a modern AI-powered phishing attempt, one of thousands now targeting organisations globally every single day. The availability of free or trial-based AI tools, such as ChatGPT, has made it easier for cybercriminals to generate convincing phishing content, with the potential to create up to 30 templates per hour.
2025 will be remembered as the year artificial intelligence transformed phishing from a numbers game into precision targeting. According to multiple security research firms, phishing attacks linked to generative AI surged by an astounding 1,265% compared to previous years. The World Economic Forum reported that phishing attacks overall increased by 1,200%, driven largely by AI’s ability to craft hyper-realistic, personalized lures at scale.
The numbers tell a sobering story:
- 82.6% of phishing emails now use AI in some form, whether for text generation, personalisation, or obfuscation. That's not a fringe trend. It's the baseline.
- AI-generated phishing emails achieved a 54% click-through rate, compared to just 12% for traditional phishing campaigns.
- Nearly 83% of phishing emails in 2025 were AI-generated, according to KnowBe4’s Phishing Trends Report.
- 3.4 billion phishing emails are sent daily; approximately 1.2% of all emails
What makes AI-powered phishing particularly dangerous is its elimination of the traditional red flags we’ve taught employees to watch for. Gone are the spelling errors, awkward grammar, and generic greetings. AI-generated phishing emails feature perfect grammar, contextually relevant content, and personalization based on publicly available information scraped from LinkedIn, company websites, and social media.

