For a long time, spam emails and online scams were easy to dismiss. Misspelled words, strange grammar, implausible claims from foreign princes – they had a kind of tell-tale shoddiness that made them simple to ignore. That era is largely over. Today, AI is enabling fraudsters to craft messages and schemes that are polished, personalised, and eerily convincing. Understanding what changed – and what to look for – has never been more important.

What Changed

The arrival of powerful large language models (LLMs) like ChatGPT transformed what a scammer with a laptop and an internet connection can produce. Where crafting a believable phishing email once required fluency in English and some copywriting skill, AI can now generate hundreds of tailored, grammatically perfect messages in seconds. The old giveaways – awkward phrasing, obvious translation errors, inconsistent tone – have been quietly scrubbed away.

Worse still, AI can be combined with data harvested from social media and data breaches. A scammer who knows your name, your employer, and a recent purchase you made can prompt an AI to write something that feels like it came from someone who actually knows you. This is sometimes called spear phishing – targeted deception rather than a mass scatter-shot approach.

The result is a wave of spam and scams that look professional, sound human, and arrive wearing very convincing disguises.

What AI-Generated Spam Looks Like

These emails tend to share a few characteristics:

They create urgency. AI is very good at generating emotionally compelling copy. Expect language designed to make you act quickly – “Your account will be suspended within 24 hours,” or “We noticed unusual activity and need you to verify your details immediately.” Urgency is the enemy of careful thinking, and fraudsters know it.

They impersonate trusted brands convincingly. AI can perfectly mimic the tone of a bank, a delivery service, or a tech company. The email might reference real-sounding transaction IDs, use accurate logos (copied from the web), and match the formatting of genuine communications down to the footer.

They feel personally relevant. A well-crafted AI phishing email might reference your approximate location, a service you actually use, or even address you by your full name. This is no longer unusual – it is now table stakes for a serious fraud operation.

They include a plausible call to action. Rather than asking you to wire money to a stranger, modern spam often asks you to click a link, confirm a password, or download an attachment – actions that feel routine.

How AI Is Powering Scams Beyond Email

Spam emails are just one part of the picture. AI has turbocharged online scams more broadly, in ways that can be even harder to detect.

Fake personas and social media accounts. AI can generate entirely believable identities — complete with profile photos created by image generators, coherent backstories, and fluent conversation. These fake personas are used to build trust over days or weeks before a scam is revealed: fake romantic partners, bogus investment advisors, or fraudulent job recruiters are all common examples.

Voice cloning. With just a few seconds of audio – often scraped from a public video – AI can clone someone’s voice convincingly enough to fool their own family. There are now documented cases of people receiving calls that sound exactly like a relative in distress, asking urgently for money. If you receive an unexpected call from a “family member” in trouble, hang up and call them back on a number you already have.

AI-generated investment scams. Fraudsters are using AI to build slick websites, fake trading platforms, and professional-looking reports promoting bogus investment opportunities – from cryptocurrency to foreign exchange. These can be almost indistinguishable from legitimate services at a glance.

Deepfake video. AI-generated video of public figures – celebrities, politicians, business leaders – is being used to promote fake investment schemes or endorse fraudulent products. If a video of a well-known person is promoting something that seems too good to be true, be very sceptical about its authenticity.

How to Spot Them

The good news is that no matter how polished the approach, the mechanics of fraud still tend to give it away. Train yourself to look past the surface.

Check the sender’s actual email address. The display name might say “Apple Support” or “HMRC,” but look at the raw email address. A message from apple-support@secure-verify-mail.com or hmrc-refund@taxgov.co.info is not from who it claims to be. Hover over or tap the sender name to reveal the real address.

Don’t click links in the email — go directly. If an email says your bank account needs attention, close the email, open your browser, and go to your bank’s website directly. Never use the link provided.

Be suspicious of unexpected contact. Legitimate companies rarely contact you out of the blue asking for urgent action. If you weren’t expecting an email about a delivery, a refund, or an account problem, treat it with immediate scepticism. The same applies to unexpected social media connections who quickly steer the conversation toward money or investment.

Look for mismatched details. Even AI-generated content often contains subtle inconsistencies – a link that goes somewhere unexpected, a phone number that doesn’t match the real company’s, or a video where the lip-sync is slightly off.

If someone asks for money unexpectedly, pause. Whether it’s a romantic interest you’ve never met in person, a supposed relative in distress, or a new investment opportunity offering exceptional returns – any unexpected request for money should trigger immediate scepticism. Genuine relationships and genuine investments can withstand a little scrutiny.

When in doubt, call. If a message claims to be from your bank, your employer, or a government body, phone them directly using a number you find independently. Not the number in the message. 

A Shift in Responsibility

The rise of AI-generated fraud represents a genuine shift in the threat landscape. The burden can no longer fall entirely on individuals to spot bad grammar and obvious tells. Email providers, platforms, banks, and governments all have a role in deploying better detection and education. But at the individual level, the most powerful defence remains the same as it always was: slow down, be sceptical, and verify before you act.

The scams may now be smarter. But so can we.