The landscape of cyber threats facing UK SMEs is shifting beneath our feet. For years, we have trained employees to spot the "obvious" red flags of a phishing email: poor grammar, suspicious links, and generic greetings. However, the rise of generative AI has effectively retired the "badly written phishing email" as a primary concern. Today, cybercriminals are leveraging Large Language Models (LLMs) to craft sophisticated, hyper-personalised, and grammatically flawless communications that bypass traditional human scrutiny.
At Black Sheep Support, we are seeing a marked increase in AI-driven campaigns that go beyond simple text generation. Hackers are now using AI to automate the creation of malicious payloads, embedding them into file types that bypass legacy security filters. As an SME, understanding how these tools are being weaponised is the first step in building a resilient defence strategy that satisfies both your operational needs and your regulatory requirements under UK GDPR.
The Evolution of the Phishing Toolkit
Historically, phishing was a numbers game. Attackers sent thousands of generic emails, hoping a small percentage of recipients would fall for the bait. AI has flipped this model on its head. With AI, attackers can now generate hundreds of unique, contextually relevant emails in seconds, tailored to specific industries, job roles, or even current events relevant to a specific UK business.
The threat has evolved from "spray and pray" to precision targeting. By scraping public data from LinkedIn, company websites, and Companies House records, attackers can train AI models to mimic the tone, vocabulary, and professional context of your peers, clients, or even your senior leadership team. This is no longer just about suspicious links; it is about sophisticated social engineering that feels entirely legitimate.
The SVG Threat: When Graphics Become Weapons
Microsoft recently uncovered a sophisticated campaign that perfectly illustrates the new AI-augmented threat model. Attackers were distributing emails containing what appeared to be a standard PDF document. In reality, the file was an SVG (Scalable Vector Graphic).
Why SVG files are dangerous
SVG files are essentially code—specifically, XML-based code that describes an image. Because they are designed to be dynamic and interactive, they can house embedded JavaScript. When a user opens an SVG file that they believe is a PDF, the embedded script can execute in the background, redirecting the user to a spoofed login page designed to harvest credentials.
The AI component here is crucial: Microsoft’s analysis indicated that the malicious scripts hidden within these files were unusually verbose and complex. They were written in a way that mimicked legitimate business data schemas, using terms like "revenue," "operations," and "risk." This creates "noise" that confuses automated security scanners, making the malicious code look like harmless, albeit complex, corporate documentation.
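A mail-filtering check for the pattern described above, as an added example that is not from Microsoft's report or any product: it identifies SVG by content rather than by filename, then flags script-capable markup structurally, so business-sounding variable names inside the script make no difference. The function names, finding labels and sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

def local_name(qualified: str) -> str:
    """Strip an XML namespace: '{ns}script' -> 'script'."""
    return qualified.rsplit("}", 1)[-1].lower()

def looks_like_svg(data: bytes) -> bool:
    """Judge by content, not by filename or declared MIME type."""
    return b"<svg" in data[:2048].lower()

def scan_attachment(filename: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing flagged."""
    if not looks_like_svg(data):
        return []
    findings = set()
    if not filename.lower().endswith(".svg"):
        findings.add("svg-content-with-other-extension")
    # Refuse to parse DTDs/entities: not needed for an image, and a parser risk.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.IGNORECASE):
        return sorted(findings | {"dtd-present"})
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return sorted(findings | {"malformed-xml"})
    for el in root.iter():
        name = local_name(el.tag)
        if name in ("script", "foreignobject"):
            findings.add(f"active-element:{name}")
        for attr, value in el.attrib.items():
            attr = local_name(attr)
            if attr.startswith("on"):            # onload, onclick, ...
                findings.add(f"event-handler:{attr}")
            elif attr == "href" and value.strip().lower().startswith("javascript:"):
                findings.add("javascript-href")
    return sorted(findings)

# Constructed samples; the script body is an inert placeholder.
SAMPLE_DISGUISED = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
                    b'<script>/* placeholder */</script><rect width="10" height="10"/></svg>')
SAMPLE_PLAIN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'

if __name__ == "__main__":
    print(scan_attachment("Q3_risk_assessment.pdf", SAMPLE_DISGUISED))
    print(scan_attachment("logo.svg", SAMPLE_PLAIN))
```

Findings are triage signals for quarantine or review: a static logo returns an empty list, while any SVG attachment that carries script-capable markup is worth holding, because a genuine image has no need for it.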
The Mechanics of an AI-Driven Attack Chain
To defend your business, you must understand the lifecycle of these modern attacks. They are rarely a single event; they are a process.
- Reconnaissance: Attackers use AI to scrape your digital footprint. They identify the names of your Finance Director, your IT lead, and your current suppliers.
- Compromise: They may gain access to a low-level email account through a previous breach.
- Infiltration: Once inside, they use the compromised account to send internal phishing emails. Because the email originates from a trusted domain, it bypasses many external firewalls.
- Payload Delivery: The AI-generated SVG attachment is sent, often with a message like: "Please review the Q3 risk assessment report."
- Exfiltration: The user opens the file, the script runs, the fake login page captures credentials, and the attacker gains access to your environment.
This process is designed to be invisible. By the time a business owner realises something is wrong, the attacker may have already established persistence, allowing them to monitor communications or deploy ransomware at a time that causes maximum disruption.
Strengthening Your Defences: A Practical Roadmap
The threat of AI-driven phishing is significant, but it is not insurmountable. By implementing a layered security approach, you can significantly reduce your risk profile.
1. Implement Domain Authentication (SPF, DKIM, DMARC)
If your business does not have these protocols configured, you are leaving the door open for impersonation.
- SPF (Sender Policy Framework): Specifies which mail servers are authorised to send email on behalf of your domain.
- DKIM (DomainKeys Identified Mail): Adds a digital signature to your emails, ensuring they haven't been tampered with in transit.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance): Tells receiving servers what to do if an email fails SPF or DKIM checks.
- Action: Contact us to ensure these are correctly configured and monitored.
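What "correctly configured" means in practice, as an added example (not a tool from this article): a small audit of the SPF and DMARC TXT records a domain publishes, run against a weak pair and a corrected pair. The records use constructed example.com/example.net names, and the issue labels are made up for this sketch.

```python
def parse_tags(record: str) -> dict[str, str]:
    """Split a DMARC 'tag=value; tag=value' record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(record: str) -> list[str]:
    terms = record.lower().split()
    if terms[:1] != ["v=spf1"]:
        return ["spf-invalid"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls and not any(t.startswith("redirect=") for t in terms):
        return ["spf-no-all"]          # unlisted senders get a neutral result
    if alls and alls[0] in ("all", "+all"):
        return ["spf-pass-all"]        # every server on the internet is authorised
    if alls and alls[0] == "?all":
        return ["spf-neutral-all"]     # record exists but asserts nothing
    return []

def audit_dmarc(record: str) -> list[str]:
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["dmarc-invalid"]
    issues = []
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        issues.append("dmarc-not-enforcing")        # p=none only monitors
    elif tags.get("pct", "100") != "100":
        issues.append("dmarc-partial-enforcement")  # policy applied to a sample only
    if "rua" not in tags:
        issues.append("dmarc-no-aggregate-reports") # nobody sees the failures
    return issues

# Constructed records: a weak pair and the corrected pair.
WEAK_SPF = "v=spf1 include:_spf.example.net +all"
WEAK_DMARC = "v=DMARC1; p=none"
GOOD_SPF = "v=spf1 include:_spf.example.net -all"
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("good", GOOD_SPF, GOOD_DMARC)):
        print(label, audit_spf(spf) + audit_dmarc(dmarc))
```

A domain normally publishes `p=none` with `rua` first, reads the aggregate reports until every legitimate sender passes, and only then moves to `quarantine` or `reject`.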
2. Multi-Factor Authentication (MFA) is Non-Negotiable
MFA is your single most effective defence against credential theft. Even if an AI-generated phishing email successfully harvests a password, the attacker cannot access the account without the second factor (an app-based token or hardware key). We recommend moving away from SMS-based MFA, which is susceptible to "SIM swapping" attacks, and moving toward authenticator apps or FIDO2-compliant security keys.
3. Cyber Essentials Certification
For UK SMEs, Cyber Essentials is the gold standard for foundational security. It requires you to address the very vulnerabilities that attackers exploit, including secure configuration, access control, and malware protection. Achieving this certification demonstrates to your clients that you take data security—and your obligations under UK GDPR—seriously.
4. Continuous Security Awareness Training
The "human firewall" remains your last line of defence. However, training cannot be a one-off event. You need to run regular, simulated phishing campaigns that reflect modern tactics. Your team should be trained to:
- Pause before opening any attachment, regardless of the sender.
- Verify unusual requests via a secondary communication channel (e.g., a quick phone call).
- Report suspicious emails immediately to your IT support provider.
The Role of Managed IT in the AI Era
The speed at which AI-driven threats evolve makes it difficult for a small business owner to keep up. As an SME, your focus should be on running your business, not monitoring the latest threat intelligence feeds. This is where a partnership with a managed IT and cyber security provider like Black Sheep Support becomes essential.
We don't just "fix computers." We act as an extension of your team, providing the proactive oversight required to stay ahead of cybercriminals. We monitor for anomalous login activity, assist with the implementation of robust email filtering solutions that catch AI-generated threats, and provide the expertise to ensure your business remains compliant with the ICO’s expectations for data protection.
Key Takeaways
- AI is a force multiplier for attackers: It allows them to create highly convincing, targeted phishing campaigns that bypass traditional filters.
- Attachments are evolving: Hackers are using file types like SVGs to hide malicious code within seemingly innocent documents, often using AI to make the code look like legitimate business data.
- Don't rely on "gut feeling": Modern phishing is designed to look professional. Trust your technical controls (MFA, DMARC) more than your ability to spot a typo.
- Proactivity is key: Implement Cyber Essentials, enforce MFA, and maintain a culture of security awareness to minimise your attack surface.
- Use your support team: When in doubt, forward suspicious emails to your IT provider for professional analysis before interacting with them.
In an era where cyber threats are becoming increasingly automated and intelligent, your defences must be equally robust. By combining the right technology with a well-trained, vigilant team, you can protect your SME from the rising tide of AI-powered cybercrime.
