As artificial intelligence continues to transform the world, it also introduces new avenues for cybercriminals. Threat actors are increasingly using AI to craft more convincing, targeted, and sophisticated attacks. It’s more important than ever to stay informed and alert.

AI allows cybercriminals to scale their attacks with alarming precision. In addition to generic phishing emails, threats may use advanced voice synthesis (cloning), natural language processing, and behavioral profiling to mimic colleagues, executives, or even you. Below are some AI-driven threats to be aware of:

Vishing (Voice Phishing) & Impersonation

Vishing uses phone calls to trick employees into revealing confidential information. With AI voice cloning, attackers can impersonate trusted voices, like an executive or coworker.

For example, you receive a call that sounds like your manager asking for login credentials or a wire transfer approval. It may not be them at all. When in doubt, always verify with the person using a different line of communication.

Fictitious Messaging/Social Engineering

AI can generate realistic text messages, emails, or even videos tailored to your role or team. These messages may appear to come from HR, IT, or other departments, and often convey urgency or authority.

For example, you receive an email that appears to be from the IT department asking you to “urgently reset your password at this link.”

Use the “Phish Alert” button in Outlook to report any suspicious emails. If the email is clean, Information Security will send it back to you.

Real World Examples

Earlier this year, a global firm lost over $25 million after an employee was tricked by a deepfake video call impersonating their CFO — the attackers used AI to replicate the executive’s voice and appearance with chilling accuracy.

Similarly, in 2025, cybercriminals used AI-generated deepfakes to impersonate U.S. Secretary of State Marco Rubio, targeting government leaders with convincing voice and text messages.

These incidents highlight how AI is being weaponized to exploit trust and manipulate high-level communications.

Tips to Stay Vigilant:

Slow Down Cybercriminals rely on urgency. Take a moment before responding.

Double Check Identities If something feels off, verify through a different channel.

Use Strong, Unique Passwords Enable multi-factor authentication wherever possible.

Stay Informed Watch for updates from your IT and Information Security teams.

Report Suspicious Activity If you see something, say something. Early reporting helps everyone.