How to Spot a Phishing Email Now That AI Is Writing Them
By LNS Engineer

For years, the standard advice for catching a scam email was simple: look for bad spelling, clunky grammar, and a logo that's slightly off. If it looked sloppy, you deleted it. That advice worked because most phishing really was sloppy.
It isn't anymore.
The fastest-growing email threat to small businesses right now is phishing written by AI. It's clean, well punctuated, personalized to your company, and convincing enough to fool people who have spent years spotting the typos. The same tools have made these messages cheap to send at scale, and they've added a new twist: deepfake voicemails and videos that sound and look like a real manager asking for an urgent wire transfer.
The good news is that you don't need to become a security expert, and you don't need an enterprise budget. You need to stop relying on your eyes and start relying on a few habits. Below are the signals worth watching for, and more importantly, what to do instead.
Stop hunting for typos. Watch for these signals instead.
1. Urgency and pressure. "Act now or your account will be closed." "Approve this before end of day." Real companies and real colleagues rarely threaten you into clicking. Manufactured urgency is the oldest trick in the book, and it still works because it shuts off the part of your brain that pauses to think. When a message rushes you, treat that as your cue to slow down.
2. A request to move money or change payment details. This is where small businesses lose real money. An email asks you to update a vendor's bank details, pay an "overdue" invoice, or send a wire, and it looks completely legitimate. Treat every one of these as guilty until proven innocent. Before anything moves, confirm it by phone using a number you already have on file, never a number or link from the email itself.
3. A sender address that's almost right. Attackers register look-alike domains, with a single swapped or added character that's easy to miss at a glance. The display name says your bank or your supplier, but the actual address is off by one letter. Slow down and read the full address, one character at a time. That one letter is often the entire scam.
4. Links that don't go where they claim. Hover over a link before you click it (on a phone, press and hold). If the visible text says one thing and the destination is something else entirely, don't click. Be especially wary of any link that drops you onto a login page. Typing your password there hands it straight to the attacker.
5. An unusual request from someone in charge. Watch for the "CEO" email asking for gift cards, a quiet favor, or a quick wire "before the meeting," usually with a note to keep it confidential. Secrecy, urgency, and authority are a classic combination. And it is no longer just email. Criminals can now generate a voicemail that genuinely sounds like your boss. If a request feels out of character, confirm it in person or on a known phone number before you act.
6. Unexpected attachments. An invoice you weren't expecting, a "shared document," a delivery notice. Attachments and the links inside them are common ways to deliver malware. If you didn't ask for it and aren't sure why it arrived, verify before you open it.
7. Anything that skips your normal process. This is the one that ties the rest together. If a message asks you to go around your usual approval steps, whether to do it faster, more quietly, or "just this once," pay attention. The friction you're being asked to skip is exactly the friction that keeps you safe.
The habits that actually protect you
Spotting red flags is useful, but people are busy and even careful people slip. The businesses that don't get hurt are the ones that build a few simple guardrails, so a single mistake can't turn into a disaster.
Verify out of band. For any money request or password reset, confirm through a separate channel. Call a number you already know, or walk over to someone's desk. This one habit stops the most expensive attacks cold.
Turn on multi-factor authentication everywhere. MFA means a stolen password on its own isn't enough to get in. Microsoft has reported that it blocks the large majority of account-takeover attempts, well over 99% in their analysis. Turn it on for email, banking, payroll, cloud storage, and remote access. Where you can, use an authenticator app or a hardware key instead of text-message codes.
Make reporting easy, and reward it. Give your team a simple, no-blame way to flag a suspicious message, and thank the people who use it. You want employees racing to report a maybe-scam, not quietly hoping they didn't just click something they shouldn't have.
Train in small, regular doses. A short refresher every month or two, using a few real examples, beats one long annual session that nobody remembers. The point isn't to scare anyone, just to make "pause and verify" feel automatic.
Keep backups you've actually tested. A good guideline is the 3-2-1 rule: three copies of your data, on two kinds of media, with one kept offline or offsite. Then prove you can restore from them. A backup you have never tested is just a hope. Tested backups are what stand between a bad click and a closed business if ransomware ever gets in.
When in doubt, pick up the phone
The reassuring part is that the basics still work. Attackers have better tools now, but they're still counting on speed, pressure, and people not stopping to check. A workplace where it's normal to slow down and verify, backed by MFA and tested backups, beats the overwhelming majority of what's out there.
We're a local team, and we would genuinely rather help you prevent the 2 a.m. emergency than clean up after one. If you're not sure whether your email, accounts, and backups are ready for today's threats, we're glad to take a look and talk it through in plain English, with no pressure and no jargon.
Because when it comes to a scam email, the last and best line of defense isn't a piece of software. It's a person who knows to stop and ask, "Wait, is this real?"
Have IT Questions?
Our team is here to help. Schedule a free consultation and get answers from Northeast Ohio's IT experts.
Schedule Your ConsultationOr reach us directly
Free consultation. No obligation. No hard sell.