For a long time, people were told to spot scams by looking for things like bad grammar, odd formatting, or awkward wording. But that advice is not as helpful anymore.
According to the open-access paper Phishing 2.0: Human Ability to Detect AI-Generated Content, researchers say phishing now uses AI to create “persuasive and personalised content,” which makes it harder to tell fake messages from real ones.
Another review, Phishing Attacks in the Age of Generative Artificial Intelligence, says AI-driven phishing makes scams more personal, scalable, and deceptive, leading to campaigns that are “more effective and difficult to detect” than the old, generic scams.
This matters because scams are no longer just an online problem. People now find scam messages in the same places they handle daily tasks, like texts, emails, shopping apps, delivery updates, payment links, and customer support chats.
In an April 2025 blog about the FTC’s Impersonation Rule, the Federal Trade Commission said impersonation scams led to almost $3 billion in reported losses in 2024 and nearly 850,000 reports.
Scammers often pretend to be government officials, utility companies, banks, delivery services, or tech support because these roles already fit into people’s everyday routines.
AI is making fake messages sound more human
The deeper reason these scams are getting harder to spot is not just that criminals are sending more of them. It is that AI helps remove the imperfections that used to expose fraud.
The review article Phishing Attacks in the Age of Generative Artificial Intelligence says GenAI can be used to conduct “sophisticated phishing attacks” by exploiting human factors, including pressure, stress, time constraints, and the normal habits people bring to digital communication.
In practical terms, that means a scam message no longer has to look sloppy to work. It only has to sound plausible inside a moment when the recipient is busy, distracted, or already expecting some kind of message from a company or institution.
Law enforcement is seeing the same trend. Europol’s 2025 threat assessment, reported by Reuters, says AI lets criminals create messages in many languages, make realistic impersonations, and automate fraud on a large scale.
Europol’s summary says criminals can now target victims more precisely, which is a big change from the days of mass spam full of mistakes. The result is not just more phishing, but phishing that is much more believable.
People can still detect some fakes — but not as consistently as they think
It is important to remember that people are not powerless. The Phishing 2.0 study found that many survey participants could spot AI-generated content.
However, success rates depended on the type of media, and the authors said people still need to get better at detecting AI-generated content to lower the risk of “Phishing 2.0” attacks.
The real issue is not that people can never spot a fake, but that many are too confident in their instincts, even as scams get harder to detect.
This is why old safety tips are not enough anymore. A scam message does not have to be perfect; it just needs to seem normal enough to avoid suspicion.
The FTC says impersonators often claim there is a problem with an account, package, fine, or payment and pressure people to act fast. The agency also warns that caller ID can be faked and that people should avoid clicking links in unexpected emails, texts, or social media messages, since these are often meant to steal money or personal information.
In short, today’s scams work not because they look obviously fake, but because they blend in with everyday digital life.
Software companies are reacting because the problem is now mainstream
This is also why software companies are starting to see scams as a product issue, not just something users need to watch out for. In its March 2025 Android update, Google said that Messages now uses AI-powered Scam Detection to spot “conversational text patterns commonly associated with scams,” including messages that “seem harmless, but turn dangerous over time.”
Google also said these warnings happen in real time and on your device, so your conversations stay private. This shows that modern scams are not just about one suspicious link. Many scams now happen through conversations, step by step, until asking for money or personal data feels almost normal.
The U.S. Cybersecurity and Infrastructure Security Agency is taking a similar approach from a policy perspective. On its Secure by Design page, CISA says “every technology provider must take ownership” to make sure products are secure by design.
This is important because it means users are not the only ones responsible for spotting scams. As fake messages become more polished and automated, safer software design—like better warnings, safer default settings, stronger account protections, and smarter fraud detection—becomes part of the answer. Software safety is now part of everyday digital life, not just an issue for IT departments.
What this means for ordinary users now
The main takeaway is not to panic every time you get a text or email. Instead, it is important to update how you decide what to trust. Good grammar is no longer a reliable sign, and familiar branding is not enough.
Even messages that sound polite and well written can be fake. The FTC’s advice is still helpful because it focuses on behavior, not style: do not give money or personal information to someone who contacts you out of the blue, and if a message claims to be from a business or government office, use contact details you find yourself, not the ones in the message.
The bigger change is cultural. We are moving from an internet where scams were often easy to spot and laugh at, to one where they can sound fluent, timely, personal, and convincing.
Research explains why this is happening, law enforcement is warning that AI is making it worse, and software companies are starting to redesign their products to address it.
This is why scams and fake messages are harder to spot now. They are not just more common—they are better at fitting in.
