Beyond Viral AI Videos: The Rise of Phishing Tactics and How to Protect Your Organization

Gen AI has changed the game in many areas, from viral deepfake videos to chatbots that waste scammers’ time. However, while AI can entertain, it also raises a significant red flag: the rise of AI-driven/assisted phishing attacks.

Phishing has long been a thorn in the side of cybersecurity, but advances in NLP (Natural Language Processing) are now making these attacks more sophisticated, scalable, and harder to detect. To keep their heads above water, businesses need to understand how phishing tactics are evolving and what measures they can take to safeguard their assets.

How AI is Enhancing Phishing Attacks

Traditional phishing emails often feature poor grammar and generic language, making them relatively easy to spot. With AI in the mix, these attacks are now taking a new turn. Cybercriminals can now generate personalized, well-crafted emails at scale, making them much more convincing. They can even mimic writing styles to tailor their messages to specific individuals or organizations.

The stakes are higher with the emergence of AI-generated deepfake audio and video, which can be used to impersonate executives or suppliers, tricking employees into unauthorized transactions or sharing their confidential data.

New Attack Methods: SMTP Smuggling and Encoded URLs

As security tools become more sophisticated, attackers are continuously finding ways to outsmart them. Two particularly concerning techniques in 2025 include:

  • SMTP Smuggling: This method exploits differences in how email servers interpret SMTP commands, allowing attackers to spoof emails from legitimate domains while bypassing security protocols like DMARC and SPF.
  • Encoded URLs: Cybercriminals are now embedding phishing links in encoded formats, helping them evade secure email gateways and leading users to credential-harvesting websites or malware downloads.

These tactics make traditional email security measures less effective, requiring organizations to adopt more advanced defenses.
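
To make the SMTP smuggling item above concrete from the receiving side, the following added example (not taken from this article's sources) audits the raw bytes of a DATA stream for line endings that two servers can interpret differently. It assumes the ambiguity involved is the end-of-data marker, which RFC 5321 defines only as CRLF.CRLF; the function names and both sample messages are constructed for illustration.

```python
import re

# RFC 5321 defines one end-of-data marker: <CR><LF>.<CR><LF>. A lone "." line
# delimited by a bare LF or bare CR is ambiguous: one server may end the
# message there while another relays it as ordinary body text.
LONE_DOT = re.compile(rb"(\r\n|\n|\r)\.(?=(\r\n|\n|\r))")
BARE_LF = re.compile(rb"(?<!\r)\n")
BARE_CR = re.compile(rb"\r(?!\n)")


def audit_data_stream(raw: bytes) -> dict:
    """Inspect the bytes read during DATA, before any newline normalization."""
    ambiguous = []
    for m in LONE_DOT.finditer(raw):
        marker = m.group(1) + b"." + m.group(2)
        if marker != b"\r\n.\r\n":
            ambiguous.append((m.start(), marker))
    return {
        "bare_lf": len(BARE_LF.findall(raw)),
        "bare_cr": len(BARE_CR.findall(raw)),
        "ambiguous_end_of_data": ambiguous,
    }


def should_reject(raw: bytes) -> bool:
    """Strict policy: refuse any message whose line endings are not pure CRLF."""
    report = audit_data_stream(raw)
    return bool(report["bare_lf"] or report["bare_cr"]
                or report["ambiguous_end_of_data"])


# Constructed samples (not captured traffic). CLEAN carries a dot-stuffed line
# ("..") as a conforming client sends it; SUSPECT has a lone "." between bare
# LFs in the middle of the body.
CLEAN = b"Subject: report\r\n\r\nfirst line\r\n..\r\nlast line\r\n.\r\n"
SUSPECT = b"Subject: report\r\n\r\nfirst line\n.\nsecond line\r\n.\r\n"

if __name__ == "__main__":
    for name, raw in (("CLEAN", CLEAN), ("SUSPECT", SUSPECT)):
        print(name, should_reject(raw), audit_data_stream(raw))
```

The check only works on bytes as they arrived; once a gateway or library has normalized newlines, the evidence is gone.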

How AI is Scaling Cybercrime

AI doesn’t just improve phishing; it also accelerates it. Just as professionals use AI to draft emails faster, cybercriminals leverage it to automate phishing attacks on a massive scale. This means phishing scams can be customized and sent in the blink of an eye, significantly increasing their success rate.

Another concerning trend is AI jailbreaks, which enable attackers to manipulate AI systems to generate malicious content, including phishing templates and scam messages.

How to Protect Your Business from AI-Driven Phishing

To defend against these advanced threats, organizations must take proactive measures such as these oldie goldies with timely twists:

Employee Training & Awareness – Conduct regular industry-standard phishing awareness training to help staff identify AI-generated scams and deepfake threats. Additionally, maintain an open dialogue about individual encounters, driven by the ethos and morale of the company.

Advanced Email Security – Deploy AI-powered email security solutions that detect anomalies, SMTP irregularities, and encoded phishing links. Or, when in doubt and with nobody around to bounce the doubt off, take help from your AI chat (if already using one) with simple prompts like, “I suspect this email is a spam, could you help me scan it for any red flags?” and tackle it like a pro.

Multi-Factor Authentication (MFA) – Mandate MFA for sensitive accounts to minimize the impact of credential theft. Consider adopting anti-phishing MFA methods such as FIDO2, PKI systems and certificate-based authentication.

Regular System Updates – Keep security systems, email servers, and software up to date to protect against new vulnerabilities. For instance, let Windows do an odd-hour update, trusting it’s Microsoft trying to fill the security gaps and squash the bugs for better performance.

Incident Response Plan – Have a clear response strategy to detect, contain, and recover from phishing attacks quickly. Alternatively, plan ahead with your IT support and review regularly to ensure your solutions fit your business needs.
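
For the encoded phishing links mentioned under Advanced Email Security, this added example (illustrative code, not this article's or any product's own) unwraps percent-encoded and base64-encoded redirect parameters and reports the host a link finally points to. The function names, flag strings and sample link are constructed for illustration.

```python
import base64
from urllib.parse import parse_qsl, unquote, urlsplit
MAX_LAYERS = 6  # bound the work a hostile link can cause
SCHEMES = ("http://", "https://")


def _hidden_url(value: str):
    """Return (url, encoding) if value is a URL in plain or base64 form."""
    if value.lower().startswith(SCHEMES):
        return value, "plain"
    try:
        padded = value + "=" * (-len(value) % 4)
        text = base64.urlsafe_b64decode(padded).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return (text, "base64") if text.lower().startswith(SCHEMES) else None


def analyze_link(url: str) -> dict:
    """Follow redirect-style parameters to the innermost URL, flagging encodings."""
    flags, chain, host = set(), [url], ""
    for _ in range(MAX_LAYERS):
        parts = urlsplit(url)
        host = unquote(parts.hostname or "")
        if parts.username is not None:  # "trusted.name@real-host" display trick
            flags.add("userinfo before host")
        if any(label.startswith("xn--") for label in host.split(".")):
            flags.add("punycode host")
        nested = None
        for _key, value in parse_qsl(parts.query):  # parse_qsl decodes once
            rounds = 0
            while unquote(value) != value and rounds < MAX_LAYERS:
                value, rounds = unquote(value), rounds + 1
            if rounds:
                flags.add("multiply percent-encoded parameter")
            nested = nested or _hidden_url(value)
        if nested is None:
            break
        url, encoding = nested
        if encoding == "base64":
            flags.add("base64-encoded URL parameter")
        chain.append(url)
    return {"final_host": host, "chain": chain, "flags": sorted(flags)}

# Constructed sample: a redirector wrapping a base64 target (not a real link).
_TARGET = b"https://login.example.com@portal.test/signin"
SAMPLE = ("https://tracking.example/click?id=7&u="
          + base64.urlsafe_b64encode(_TARGET).decode().rstrip("="))
```

Reputation and allow-list checks should run against `final_host` and every entry in `chain`, not only the host visible in the message.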


Final Thoughts

AI is making phishing attacks more sophisticated and difficult to detect. However, organizations that invest in cybersecurity awareness, advanced protection measures, and proactive monitoring can stay ahead of these evolving threats. While it’s a dog-eat-dog world out there, businesses that prioritize cybersecurity will be well-equipped to weather the storm and combat AI-driven cybercrime effectively.

Want to improve your business’s cyber game?

We can help! At Bandicoot, we have always gone above and beyond to provide efficient and effective solutions to help companies stay afloat in the ever-changing cyber world with its new challenges. From educational pieces to industry-standard services, we cover it all. We’re here to ensure you don’t get caught out when the chips are down.

Check out our case studies, testimonials and Google reviews to see for yourself!

