Lesson 5 of 8
AI-written scams
6 min read
Phishing used to be easy to spot: broken grammar, weird spelling. AI writes flawless, personalised messages now — so the old "look for typos" advice is dead. What replaces it?
Check the structure, not the spelling
Polished text tells you nothing anymore. The reliable signals are structural: the sender's real domain, where a link actually goes, and manufactured urgency. Those are hard to fake and easy to check.
Good writing is no longer a safety signal. Judge the envelope, not the prose.
Slow down the rush
Scams engineer a ticking clock — "act within 24 hours," "account will be limited" — because rushing you past thinking is the whole game. Hover a link to see its true destination, and reach the company through their official app or site, never the email's link.
Urgency is a red flag by itself. Real institutions can wait for you to check.
When an email pushes you to click and hurry, open the service yourself in a new tab or app instead of using its link — that one habit defeats most phishing.
Your phishing checklist
- —Flawless writing no longer means it's real.
- —Check the sender domain, the link's true target, and the urgency.
- —Reach the company yourself — don't use the email's link.
A well-written email from your "bank" links to a login page. Smartest check?
Continue in the app
Take the whole AI Security for Everyone course — tracked
Get your personalized path, progress and streaks in the app — this lesson and every next one, in order.