{"id":28075,"date":"2026-03-24T01:00:41","date_gmt":"2026-03-23T17:00:41","guid":{"rendered":"https:\/\/bigband.net.my\/?p=28075"},"modified":"2026-03-18T18:02:29","modified_gmt":"2026-03-18T10:02:29","slug":"ai-phishing-why-your-staff-cannot-tell-fake-from-real-anymore","status":"publish","type":"post","link":"https:\/\/bigband.net.my\/index.php\/2026\/03\/24\/ai-phishing-why-your-staff-cannot-tell-fake-from-real-anymore\/","title":{"rendered":"AI Phishing: Why Your Staff Cannot Tell Fake from Real Anymore."},"content":{"rendered":"\n[et_pb_section fb_built=”1″ _builder_version=”4.27.5″ _module_preset=”default” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”0px||20px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_text_color=”#0060ae” header_font_size=”50px” custom_margin=”40px|0px|0px|0px|false|false” custom_margin_tablet=”40px||0px||false|false” custom_margin_phone=”20px||0px||false|false” hover_enabled=”0″ header_font_size_tablet=”46px” header_font_size_phone=”40px” global_colors_info=”{}” sticky_enabled=”0″]

AI Phishing:
<\/b><\/span>Why Your Staff Cannot Tell Fake from Real Anymore.<\/b><\/h1>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”20px|0px|0px|0px|false|false” custom_margin_tablet=”20px||||false|false” custom_margin_phone=”20px||||false|false” header_2_font_size_phone=”26px” global_colors_info=”{}”]

The email looks real. The voice sounds familiar. The video call seems genuine. In 2025 and 2026, none of these are guarantees.<\/b><\/em><\/h2>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”60px|0px|0px|0px|false|false” custom_margin_tablet=”40px||||false|false” custom_margin_phone=”40px||||false|false” header_2_font_size_phone=”26px” global_colors_info=”{}”]

\ud83d\udea8 A Wire Transfer Your CFO Never Approved<\/b><\/h2>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|20px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”on|desktop” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}”]

It is a regular Tuesday afternoon. Your accounts executive receives a WhatsApp message from what appears to be the CEO’s number. The profile photo matches. The name matches. The writing style matches. The message reads: I am in a meeting and cannot call. Please process an urgent payment of RM800,000 to this new vendor account. I will explain later. Time sensitive.<\/p>\n

She hesitates for a moment, then transfers the funds. The vendor account belongs to a criminal. The CEO was never involved. The message was generated by AI, trained on months of the CEO’s past communications, social media posts, and voice recordings scraped from a company webinar.<\/p>\n

This exact scenario played out at a Kuala Lumpur finance firm in 2025, according to the SimplyData Malaysia Cybersecurity Threat Report 2026. RM800,000 was transferred before the fraud was detected. By then, the money was gone.<\/strong><\/p>\n

Welcome to the new era of AI-powered phishing, where the threat is no longer a poorly written email from a foreign prince. It is a message, call, or video that sounds and looks exactly like someone you trust.<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”20px||20px||false|false” custom_padding=”20px||20px||false|false” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” header_2_line_height=”1em” header_3_font=”|600|||||||” header_3_font_size=”60px” header_3_line_height=”1em” custom_margin=”0px|0px|0px|0px|false|false” custom_margin_tablet=”40px||||false|false” custom_margin_phone=”40px||||false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px||0px||false|false” header_2_font_size_phone=”26px” header_3_font_size_phone=”60px” header_3_font_size_last_edited=”off|phone” header_3_line_height_tablet=”1em” header_3_line_height_phone=”1em” header_3_line_height_last_edited=”off|phone” global_colors_info=”{}”]

82.6%<\/b><\/span><\/h3>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px||0px||false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}”]
Of all phishing emails now contain AI-generated content (KnowBe4 Phishing Trends Report 2025)<\/div>[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” header_2_line_height=”1em” header_3_font=”|600|||||||” header_3_font_size=”60px” header_3_line_height=”1em” custom_margin=”0px|0px|0px|0px|false|false” custom_margin_tablet=”40px||||false|false” custom_margin_phone=”40px||||false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px||0px||false|false” header_2_font_size_phone=”26px” header_3_font_size_phone=”60px” header_3_font_size_last_edited=”off|phone” header_3_line_height_tablet=”1em” header_3_line_height_phone=”1em” header_3_line_height_last_edited=”off|phone” global_colors_info=”{}”]

1,265%<\/b><\/span><\/h3>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px||0px||false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}”]
Surge in AI-powered phishing attacks since the launch of generative AI tools (2025 data)<\/div>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.27.6″ _module_preset=”default” custom_margin=”20px||20px||false|false” custom_padding=”20px||20px||false|false” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” header_2_line_height=”1em” header_3_font=”|600|||||||” header_3_font_size=”60px” header_3_line_height=”1em” custom_margin=”0px|0px|0px|0px|false|false” custom_margin_tablet=”40px||||false|false” custom_margin_phone=”40px||||false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px||0px||false|false” header_2_font_size_phone=”26px” header_3_font_size_phone=”60px” header_3_font_size_last_edited=”off|phone” header_3_line_height_tablet=”1em” header_3_line_height_phone=”1em” header_3_line_height_last_edited=”off|phone” global_colors_info=”{}”]

Most<\/b><\/span><\/h3>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px||0px||false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}”]
Of Malaysian organisations encountered AI-powered phishing threats in 2025, per Business Today Malaysia<\/div>[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” header_2_line_height=”1em” header_3_font=”|600|||||||” header_3_font_size=”60px” header_3_line_height=”1em” custom_margin=”0px|0px|0px|0px|false|false” custom_margin_tablet=”40px||||false|false” custom_margin_phone=”40px||||false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px||0px||false|false” header_2_font_size_phone=”26px” header_3_font_size_phone=”60px” header_3_font_size_last_edited=”off|phone” header_3_line_height_tablet=”1em” header_3_line_height_phone=”1em” header_3_line_height_last_edited=”off|phone” global_colors_info=”{}”]

3 seconds<\/b><\/span><\/h3>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|0px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”0px||0px||false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}”]
AI voice cloning tools can create a convincing voice replica using this much source audio<\/div>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ custom_padding_last_edited=”on|desktop” _builder_version=”4.27.5″ _module_preset=”default” custom_margin=”||||false|false” custom_padding=”0px||40px||false|false” custom_padding_tablet=”||20px||false|false” custom_padding_phone=”||20px||false|false” global_colors_info=”{}”][et_pb_row _builder_version=”4.27.5″ _module_preset=”default” custom_margin=”0px||0px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”40px|0px|0px|0px|false|false” custom_margin_tablet=”30px||||false|false” custom_margin_phone=”20px||||false|false” header_2_font_size_phone=”26px” global_colors_info=”{}”]
\n

\ud83e\udd16\u00a0 How AI Has Completely Changed Phishing<\/b><\/h2>\n<\/div>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|20px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”on|desktop” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” global_colors_info=”{}”]

For years, phishing emails were easy to spot. Bad grammar. Suspicious links. Generic greetings. Staff could be trained to catch them. That era is over.<\/p>\n

Today, attackers use large language models (LLMs), the same technology behind tools like ChatGPT, to generate phishing messages that are personalised, grammatically perfect, and contextually accurate. They reference real projects, use your company’s internal terminology, and match the tone of the person they are impersonating. Standard email filters, built to catch keyword patterns and formatting anomalies, cannot distinguish these messages from genuine communication.<\/p>\n

AI phishing in 2025 and 2026 operates across four distinct attack methods that every Malaysian business owner needs to understand:<\/p>[\/et_pb_text][dvmd_table_maker tbl_column_header_count=”0″ tbl_row_header_count=”0″ tbl_responsive_mode=”off” tbl_frame_type=”lines” tbl_frame_line_color=”#d6d6d6″ tbl_frame_line_width=”2px” tbl_stripes_active=”on” tbl_hover_active=”horz” tbl_hover_tint=”-8″ _builder_version=”4.27.6″ _module_preset=”default” tbl_tcell_text_font=”||||||||” tbl_tcell_text_font_size=”17px” tbl_tcell_text_line_height=”1.6em” tbl_chead_text_font=”|700|||||||” tbl_rhead_text_font=”|700|||||||” custom_margin_tablet=”20px||||false|false” custom_margin_phone=”20px||||false|false” custom_margin_last_edited=”on|desktop” global_colors_info=”{}”][dvmd_table_maker_item col_label=”ATTACK TYPE” col_content=”ATTACK TYPE\nAI Spear Phishing\nAI Voice Cloning (Vishing)\nDeepfake Video Calls\nAI Business Email Compromise (BEC)” col_column_max_width=”0.3fr” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][dvmd_table_maker_item col_label=”HOW IT WORKS” col_content=”HOW IT WORKS\nLLMs generate personalised emails that reference real colleagues, projects, and company language. Reads exactly like a message from a trusted colleague or supplier.\nAttackers use 3 to 5 seconds of audio from a LinkedIn video, webinar, or podcast to clone an executive’s voice. They call staff and issue verbal instructions.\nAI generates real-time video of executives during video calls. Colleagues, clients, and partners are convincingly impersonated in live meetings.\nAI researches your organisation, identifies key people, understands relationships and financial workflows, then crafts a targeted fraud campaign at scale.” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][dvmd_table_maker_item col_label=”THE BUSINESS RISK” col_content=”THE BUSINESS RISK\nFinance teams tricked into wire transfers. Employees surrender login credentials. Supply chain partners are impersonated.\nAn employee receives a call that sounds exactly like the CFO authorising an urgent payment. 77% of voice clone victims lose money.\nThe entire board appears on a Teams call. Every person is a deepfake. Employees authorise sensitive actions believing leadership approved them.\nAttackers impersonate suppliers changing bank account details, solicitors requesting urgent transfers, or government agencies demanding payments.” _builder_version=”4.27.6″ _module_preset=”default” global_colors_info=”{}”][\/dvmd_table_maker_item][\/dvmd_table_maker][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ custom_padding_last_edited=”on|desktop” _builder_version=”4.27.5″ _module_preset=”default” custom_margin=”||||false|false” custom_padding=”0px||40px||false|false” custom_padding_tablet=”||20px||false|false” custom_padding_phone=”||20px||false|false” global_colors_info=”{}”][et_pb_row _builder_version=”4.27.5″ _module_preset=”default” custom_margin=”0px||0px||false|false” custom_padding=”0px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.27.5″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” header_2_font=”|700|||||||” header_2_text_align=”left” header_2_text_color=”#0060ae” custom_margin=”40px|0px|0px|0px|false|false” custom_margin_tablet=”30px||||false|false” custom_margin_phone=”20px||||false|false” header_2_font_size_phone=”26px” global_colors_info=”{}”]

\n

\ud83c\udf10 What the World’s Experts Are Saying<\/b><\/h2>\n<\/div>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”10px|0px|30px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”20px|20px|20px|20px|false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” border_width_all=”3px” border_color_all=”#e2e2e2″ global_colors_info=”{}”]

KnowBe4: Phishing Trends Threat Report 2025<\/strong><\/p>\n

KnowBe4, the world’s largest security awareness training platform, confirmed that 82.6% of phishing emails detected between September 2024 and February 2025 contained AI-generated content, a 53.5% year-on-year increase. This represents a fundamental shift: AI phishing is no longer an emerging trend. It is the dominant method.<\/p>\n

KnowBe4 also found that organisations implementing regular security awareness training reduced successful phishing click rates by more than 40% within 90 days, and by up to 86% within a year. The human element remains both the greatest vulnerability and the most effective defence.<\/p>\n

Source: <\/span>KnowBe4 Phishing Trends Threat Report 2025<\/span><\/a><\/p>\n

<\/span><\/p>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font_size=”18px” custom_margin=”0px|0px|30px|0px|false|false” custom_margin_tablet=”0px|0px|0px|0px|false|false” custom_margin_phone=”0px|0px|0px|0px|false|false” custom_margin_last_edited=”off|desktop” custom_padding=”20px|20px|20px|20px|false|false” text_font_size_tablet=”18px” text_font_size_phone=”18px” text_font_size_last_edited=”on|phone” border_width_all=”3px” border_color_all=”#e2e2e2″ global_colors_info=”{}”]

Business Today Malaysia: Closing the Phishing Gap in the Age of AI (2025)<\/strong><\/p>\n

A major study on Malaysian organisations published in Business Today Malaysia in September 2025 revealed the scale of the local AI phishing crisis:<\/p>\n