Beware the next generation of phishing attacks

If phishing scams are supposed to trick people, why do so many of them still feel clumsy?

For years, the answer was simple: Most scams were mass-produced. 

The same email, the same fake website, sent to thousands of people and hoping a few would fall for it. 

That approach is still around, but it’s starting to evolve.

When generative AI first appeared, there was a lot of talk about “dynamic websites”.

Instead of one fixed site for everyone, pages would be generated on the spot, shaped by who you are, where you are, and what device you’re using. 

That future never really arrived for everyday businesses. It was complex and rarely worth the effort.

Cyber criminals, however, don’t need perfect systems. 

They need something convincing.

Security researchers have shown how this idea could be used for phishing. While it’s still largely experimental, it gives a clear picture of the next generation of scams.

A victim clicks a link and lands on a webpage that looks harmless. There’s no obvious malicious code sitting on the page. 

Once it loads, the page asks a legitimate AI service to help generate content. 

That content is then assembled and run directly in the person’s browser.

The result is a phishing page that’s created especially for that visitor. 

The wording, layout and code can all be different every time. There’s no single fake website for security systems to spot and block, because the scam doesn’t fully exist until someone opens it.

Before you panic, this method isn’t widespread yet. But the building blocks are in use. 

AI is being used to write malicious code, malware is increasingly assembled as it runs, and AI-assisted scams are becoming more common.

For you, this changes the rules slightly. 

Phishing is no longer just about spotting bad spelling or sloppy design. Future scams may look even more polished, personalised and completely legitimate.

That’s why modern protection focuses less on “don’t ever click the wrong thing” and more on limiting the damage if someone does. 

Tools like multi-factor authentication, secure browsers and email filtering still work, even when a fake page looks convincing.

Remember this: Phishing isn’t going away. It’s getting smarter. 

To stay protected now you must assume the next scam will look professional and make sure your defences don’t rely on people spotting obvious mistakes.

Want to check how exposed your business is? Get in touch.

Recent posts

It’s time to govern your team’s AI use

It’s time to govern your team’s AI use

Let me ask you a slightly uncomfortable question. Do you know which AI tools your team is using at work… and what they’re putting into them? Most business owners I speak to think they do. And then we dig a little deeper. Generative AI tools like ChatGPT and...

read more
Don’t forget to protect your browsing privacy

Don’t forget to protect your browsing privacy

When you open a browser on your phone, what do you think it knows about you? The websites you visit? Maybe your location? Possibly what you’ve searched for? The reality is, for many popular mobile browsers, it’s a lot more than that. A recent analysis looked at how...

read more
Do you really want your team to use this?

Do you really want your team to use this?

Here’s a question I suspect most business owners haven’t thought about yet. If one of your team buys something inside an AI chat window… is that okay with you? Because that’s exactly where things are heading. You’re probably already familiar with tools like...

read more