Other ways to search: Events Calendar | UTHSC

Cybersecurity Scam of the Week – Use of AI to Create Near Perfect Phishing Attacks


It used to be that you could spot a phishing email based on bad grammar or poor use of English (here in the US). However, by using Artificial Intelligence (AI), the scammers have the means to create perfect-looking emails. How do you combat this? By being aware and suspicious of all emails you are not expecting.

The advancement in AI technology has made it easier for even amateur hackers to analyze vast amounts of publicly available data about their targets and create highly personalized and convincing emails within seconds. These emails can be tailored to mimic the writing style of the target’s loved ones or friends, making them difficult to distinguish from legitimate communication.

The future of AI-powered attacks is a growing concern for cybersecurity experts. AI technology has been used to create deepfakes and simulate speech, making hybrid attacks involving email, voice, and video an approaching reality. The true threat lies in AI’s potential to conceive new attack methods that current systems are unable to detect. This means that you, the human, are the last line of defense. Be suspicious of any email you are not expecting, even if it looks like it is from your bank, a social media site, or someone at work. Never open attachments or click on links without verifying the legitimacy of that email, usually with a phone call, or another means besides replying to the email asking if the person, or business, sent it. 

What has been reported to abuse@uthsc.edu this past week?

  • [Ext] (No Subject line from an external email address) – this phish spoofed the name of someone on campus but used a gmail.com address to ask for a favor
  • [Ext] Help! – this potential phish looked like it came from someone at another university, but the sender was using a @yahoo.com account

What was great about last week was there were a number of legitimate emails that you asked our security team to verify for you. Suspicion is your greatest friend in the world of phishes. 

Keep reporting suspicious emails to abuse@uthsc.edu for examination. If you wish to report an incident to the Office of Cybersecurity, use TechConnect.