Part of the Zaltek Group

Beware the next generation of phishing attacks

If phishing scams are supposed to trick people, why do so many of them still feel clumsy? For years, the answer was simple: Most scams were mass-produced.  The same email, the same fake website, sent to thousands of people and hoping a few would fall for it.  That approach is still around, but it’s starting…
May 4th, 2026

If phishing scams are supposed to trick people, why do so many of them still feel clumsy?

For years, the answer was simple: Most scams were mass-produced. 

The same email, the same fake website, sent to thousands of people and hoping a few would fall for it. 

That approach is still around, but it’s starting to evolve.

When generative AI first appeared, there was a lot of talk about “dynamic websites”. 

Instead of one fixed site for everyone, pages would be generated on the spot, shaped by who you are, where you are, and what device you’re using. 

That future never really arrived for everyday businesses. It was complex and rarely worth the effort.

Cybercriminals, however, don’t need perfect systems. 

They need something convincing.

Security researchers have shown how this idea could be used for phishing. While it’s still largely experimental, it gives a clear picture of the next generation of scams.

A victim clicks a link and lands on a webpage that looks harmless. There’s no obvious malicious code sitting on the page. 

Once it loads, the page asks a legitimate AI service to help generate content. 

That content is then assembled and run directly in the person’s browser.

The result is a phishing page that’s created especially for that visitor. 

The wording, layout and code can all be different every time. There’s no single fake website for security systems to spot and block, because the scam doesn’t fully exist until someone opens it.

Before you panic, this method isn’t widespread yet. But the building blocks are in use. 

AI is being used to write malicious code, malware is increasingly assembled as it runs, and AI-assisted scams are becoming more common.

For you, this changes the rules slightly. 

Phishing is no longer just about spotting bad spelling or sloppy design. Future scams may look even more polished, personalized and completely legitimate.

That’s why modern protection focuses less on “don’t ever click the wrong thing” and more on limiting the damage if someone does. 

Tools like multi-factor authentication, secure browsers and email filtering still work, even when a fake page looks convincing.

Remember this: Phishing isn’t going away. It’s getting smarter. 

To stay protected now you must assume the next scam will look professional and make sure your defenses don’t rely on people spotting obvious mistakes.

Want to check how exposed your business is? Get in touch.

Stay ahead of the curve with our Newsletter

Join thousands of industry leaders already benefiting from our weekly insights.
Expert Cyber Security tips
Actionable Tech Insights
Trending Industry News

Contact Us

Whether you're ready to boost your IT, tighten your cybersecurity, or just explore your options, we're here to help. Drop us a message or give us a call - real people, real advice, no hard sell.
+44 (0)191 406 3555