Corporate Phishing Scam Spotting Capabilities Remain Lacking

If phishing emails were fish, most inboxes would look like the seafood aisle at Tesco.

In this issue, we’re breaking down why even confident professionals — including company execs — are falling for increasingly sophisticated phishing scams. The results? Data leaks, financial losses, and a serious need for a cybersecurity wake-up call.

Phishing scams are trickier than ever — and AI is helping them fool even the best of us.

A recent survey by Dojo found that over half of UK workers and executives couldn’t spot a phishing email. Even worse, nearly half fell for fake Google Alerts or Dropbox messages — despite the obvious red flags, like shady URLs.


How It Works:

  1. Scammers send realistic-looking emails pretending to be from trusted sources — think Google Sheets invites, Dropbox shares, or calendar reminders.
  2. They include urgent messages like “Access shared files immediately” or “Security alert – click here.”
  3. Fake URLs and AI-generated content make these emails look frighteningly real.
  4. One wrong click, and you’ve handed over your login credentials or installed malware.


Who’s Targeted:

Literally everyone. While executives showed slightly better judgment with basic phishing attempts, they struggled more than others to spot AI-generated scams — an area that's growing fast. From interns to CEOs, no one is off-limits.


Real-Life Example:

In one recent test, more than half of participants couldn’t detect a fake Google Sheets invite. Even with signs like incorrect sender URLs or inconsistent branding, the scams slipped through. According to Dojo's Chief Information Security Officer Naveed Islam, “Not prioritising the protection of their data and capital can pose significant risks to the areas where investment is being placed.”


Why You Should Care:

Phishing emails don’t just steal passwords — they can compromise your entire business. Access to one account can lead to ransomware attacks, leaked confidential info, or financial fraud. And since AI can now write flawless emails that mimic tone, style, and urgency, the risk is only increasing.

As City of London Police Cyber Protect Officer Daniel Houghton put it: “Human error remains the single biggest vulnerability in cybersecurity.”


How to Protect Yourself:

  • Don’t trust the sender at face value: Always double-check email addresses, especially when receiving alerts from platforms like Google or Dropbox.
  • Hover before you click: Pause your mouse over any link to preview the URL. If it looks suspicious, don’t click.
  • Use anti-phishing tools: Email clients like Outlook and Gmail have built-in phishing detection. Make sure they're enabled.
  • Invest in regular training: Cybersecurity training should be ongoing — especially as phishing tactics evolve.
  • Report suspicious emails: Don’t just delete them. Forward them to your IT team or report using your email service’s phishing tool.
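The first two checks above (verify the sender address, preview where a link really goes) can also be automated. The sketch below is an added example, not code from the survey or the source article; the brand allow-list, the function names and the sample message are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAINS = {"google": {"google.com"}, "dropbox": {"dropbox.com"}}  # assumed allow-list
SAMPLE = """From: Google Sheets <share@google-sheets.example>
Content-Type: text/html

<a href="https://docs.google.com.sheets-share.example/open">https://docs.google.com/spreadsheets/d/1</a>
<a href="https://accounts.example.net/login">Sign in</a>
"""  # constructed sample, not a real message

def under(host, domains):  # exact match or true subdomain only
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):  # returns a list of findings for one raw message
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    # Brands named in the display name decide which domains are acceptable.
    brands = [b for b in BRAND_DOMAINS if b in name.lower()]
    findings = [f"sender: display name '{name}' but address domain is {sender}"
                for b in brands if not under(sender, BRAND_DOMAINS[b])]
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        shown = urlparse(text if "://" in text else "//" + text).hostname or ""
        if "." in shown and shown != host:   # link text is a URL for a different host
            findings.append(f"link: text shows {shown} but opens {host}")
        elif any(not under(host, BRAND_DOMAINS[b]) for b in brands):
            findings.append(f"link: opens {host}, outside the claimed brand's domains")
    return findings
```

Calling check_message(SAMPLE) returns three findings: one for the sender and one for each link. An empty result only means these two checks passed; the From header can be forged, so this complements the mail provider's own filtering and does not replace it.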


Quick Tips & Updates

Quick Tip #1: Did you know? AI-generated phishing emails are now so sophisticated, even seasoned IT pros are being fooled.

Quick Tip #2: Never open shared docs from unsolicited emails — especially if you weren’t expecting one. Confirm with the sender via a separate channel.


Stay safe, stay informed.


Keywords Defined:

  • Phishing: A type of cyberattack where scammers impersonate trusted sources to steal personal or financial information.
  • AI-generated scams: Scams written or supported by artificial intelligence to appear more realistic and personalized.
  • URL spoofing: A technique used by attackers to make a fake website or link look like it belongs to a trusted source.
  • Human error: Mistakes made by users — such as clicking on a scam link — that often lead to breaches.


