Hackers Are Using AI to Make Phishing Emails Smarter

September 29, 2025

At Black Sheep Support, we track the latest tricks cybercriminals use against small businesses. One of the newest tactics involves artificial intelligence (AI). Attackers are no longer just using AI to write convincing phishing messages – they’re also using it to hide the malicious code inside attachments.

Microsoft recently uncovered a campaign where hackers sent out emails with a file that looked like a standard PDF. In reality, it was an SVG file – a type of graphic that can carry hidden scripts – designed to steal login credentials.

This isn’t the first time we’ve seen AI being linked to cybercrime. In our recent article on PromptLock, the first known AI-powered ransomware, we highlighted how attackers are beginning to experiment with AI to strengthen their attack chains. The SVG phishing campaign is another sign that these tools are being weaponised in new and worrying ways.

Phishing Emails
How the Scam Worked

  • A small business email account was compromised.

  • Phishing emails were sent back to that account, with real targets quietly added in the BCC field to avoid detection.

  • The attachment claimed to be a six-page PDF, but was actually an SVG file capable of running malicious scripts.

When opened, the file showed only blank charts. Meanwhile, hidden scripts redirected users to a fake login page and harvested their login details.

Corporate Language Used to Mask Attacks

The attackers avoided traditional obfuscation methods. Instead, they hid the malicious code inside business terms like revenue, shares, operations, and risk. To a casual review, it looked like harmless corporate data.

Microsoft’s analysis suggested AI likely helped generate the code. The scripts were unusually complex and verbose – not something most humans would write by hand.

AI
Protecting Your Business with Black Sheep Support

AI is making phishing attacks more convincing and harder to detect, which increases the risk for small businesses. The good news is that there are practical steps you can take – and Black Sheep Support is here to help.

  • Forward suspicious emails to us for safe analysis.

  • Let us help secure your domain with SPF, DKIM, and DMARC to prevent impersonation.

  • Enable multi-factor authentication (MFA) on critical accounts.

  • Allow us to train your staff to recognise unusual attachments or unexpected requests.

Our team can also review your email systems, advise on domain authentication, and provide staff training to strengthen your overall security posture. If you receive an email that seems off, forward it to us. If you want to proactively protect your business from smarter attacks, get in touch today.

Together, we can make sure AI works for your business – not against it.

BOOK A DISCOVERY CALL WITH US

What is AI-powered phishing and how does it work?

L
K

AI phishing is a type of cyber attack where hackers use artificial intelligence to create highly convincing emails and attachments designed to steal sensitive information. AI can generate realistic business language, disguise malicious code in documents, and even personalise attacks, making them much harder to detect. Small businesses are often targets because they may have fewer security measures in place.

How can hackers hide malicious code in files like PDFs or SVGs?

L
K

Hackers can disguise malware inside seemingly harmless files. For example, an SVG file (a type of image) can carry hidden scripts that run when the file is opened. In some recent attacks, AI-generated scripts were embedded inside business-related content like charts, making it appear safe while secretly harvesting login credentials.

How can I tell if an email attachment is dangerous?

L
K

Look for signs like unexpected attachments, unusual file types (like SVG pretending to be PDF), spelling mistakes, or requests for login details. AI phishing emails can be very convincing, so it’s important to verify the sender, avoid opening suspicious files, and forward questionable emails to a trusted IT team or service like Black Sheep Support for analysis.

What steps can small businesses take to protect against AI-powered phishing?

L
K

Small businesses can protect themselves by:

  • Enabling multi-factor authentication (MFA) on all critical accounts.

  • Securing their domain with SPF, DKIM, and DMARC.

  • Training staff to spot unusual attachments or requests.

  • Forwarding suspicious emails to IT experts for safe analysis.

Why is AI making phishing attacks more dangerous?

L
K

AI allows attackers to create emails and attachments that are more realistic and harder to detect. It can write complex scripts, personalise content to trick specific targets, and hide malicious code in ways humans might not think of. This makes phishing more sophisticated, which is why businesses need stronger email security and staff training.