AI-Powered Phishing Grows Harder to Spot. Workload Pressure Makes It Worse.
Seventy-two percent of U.S. desk workers say phishing attempts are more convincing than a year ago, according to a Sagiss survey. AI-written language has polished fraudulent messages to look legitimate, forcing HR and IT leaders to rethink security training.
Nearly two-thirds of workers believe an AI-generated message could impersonate a co-worker. Fifty-seven percent say AI makes phishing harder to detect because messages feel more professional. Fifty-nine percent express moderate to extreme concern about AI imitating a colleague's writing style.
How AI Changes the Feel of Fraud
The shift is qualitative, not just quantitative. Forty-two percent of workers have trusted a message because it sounded like someone they work with. Thirty-three percent notice better grammar in suspicious messages compared to last year. Twenty-seven percent report more personalized content, and 26 percent say the tone feels more natural.
"The issue is not merely that more phishing attacks exist," Sagiss reports. "The content may now look more polished and more believable inside ordinary workplace communication."
Employees Still Click First, Verify Later
Awareness campaigns have not changed behavior. Sixty-three percent of respondents clicked a work link in the past year and later felt they should have verified it first. Forty-five percent replied to an email or chat message and later questioned whether it was legitimate.
The problem runs deeper. Fifty-eight percent verify requests only after taking action. Forty-one percent admit they ignored initial suspicion at least once because a message seemed urgent.
Workload and Inbox Overload Drive Mistakes
Everyday work pressures create the conditions for error. Fifty-five percent of workers cite rushing between tasks or meetings as a factor. Forty-eight percent point to multitasking.
Thirty-seven percent say verification becomes hardest when a message looks legitimate or well-written. But twenty-eight percent blame too many messages or notifications, and twenty-seven percent cite time pressure. Only 7 percent say they don't know how to verify.
High inbox volume compounds the risk. Twenty-two percent of respondents skim more quickly when faced with many unread emails. Fifteen percent prioritize urgency over verification.
Work bleeds beyond office hours. Sixty-nine percent check email or chat outside normal business hours at least sometimes. Thirty-four percent have responded to a work message after hours and later felt they should have verified it more carefully.
What HR Can Do
Training must reflect the new threat. Update programs with real examples of AI-generated phishing emails, deepfake videos, and fake voice calls. Emphasize that polished, personalized, or urgent messages can be just as suspicious as poorly written ones.
- Run phishing simulations using AI-generated emails and AI-cloned voice messages. Treat failures as coaching opportunities, not punishments.
- Teach standardized verification procedures: confirm unusual requests via a second channel (phone, in person, known contact number) before acting.
- Make clear that no executive is allowed to pressure employees to skip verification. Highlight simple two-factor checks like callbacks or code words.
- Build a no-blame reporting culture so employees feel safe reporting suspected phishing or mistakes.
- Reward vigilance and prompt reporting to strengthen security culture.
- Issue clear guidelines for safe AI tool use. Warn staff not to input sensitive company data into external AI systems without approval.
- Educate employees about unsanctioned AI plug-ins. Instruct them to consult IT or security before adopting any new AI-based tools.
The core challenge is straightforward: employees make fast decisions in high-pressure environments while fraudulent messages grow harder to distinguish from legitimate ones. Awareness alone has not solved the problem. Organizations must address the workload pressures that force people to act first and verify later.
For HR professionals managing these risks, understanding how AI for Human Resources can support security initiatives is increasingly critical. Those in executive roles may find the AI Learning Path for CHROs relevant to developing organizational cybersecurity strategy.
Your membership also unlocks:
