Cybersecurity News in Asia

Fraudsters and cybercriminals tap AI for more sophisticated spam and BEC attacks

By CybersecAsia editors | Friday, June 27, 2025, 5:44 PM Asia/Singapore

One limited academic analysis of selected spam reveals AI-crafted emails use formal language, fewer errors, and test variations in English-speaking regions.

Researchers from Columbia University and the University of Chicago have reported a significant increase in the use of AI to generate spam emails, according to a new data analysis of unsolicited and malicious emails sent between February 2022 and April 2025.

The data trends suggest that 51% of spam messages now (April 2025, based on analyses of spam from English-speaking countries) are believed to be AI-generated, while the proportion of business email compromise (BEC) attacks using AI remains lower (at an estimated 14% based on the supplied data set by a single source) but is steadily rising.

The researchers note that the use of AI in both spam and BEC attacks had increased after the public launch of ChatGPT in November 2022. AI-generated emails tend to be more formal, use more sophisticated language, and contain fewer grammatical errors than those written by humans.

Limitations of the research

With AI, attackers appear to have been testing different word variations, aiming to evade detection systems and increase the likelihood that recipients will click on malicious links. In some cases, this process resembles A/B testing in marketing, where multiple versions of an email are generated and tested to determine which phrasing is most effective at bypassing defenses or enticing user engagement.

However, the researchers note that, while AI is being used to refine the content of these emails, the overall tactics of the attacks have not changed significantly. The researchers also acknowledged the challenges in definitively determining whether an email was generated by AI, as only the content of the attack is visible, not the method of its creation.

According to Asaf Cidon, Associate Professor, Electrical Engineering and Computer Science, Columbia University, in a press release: “Our analysis suggests that by April 2025 the majority of spam emails were not written by humans, but rather by AI. For more sophisticated attacks, like [BECs], which require more careful tuning of the content to the victim’s context, the vast majority of emails are still human generated, but the volume that is generated by AI is steadily and consistently increasing.”

The methodology for detecting AI-generated emails was based on the assumption that emails sent before November 2022 were primarily human-written, which served as a baseline for training automated detectors.

[Editor’s note: This approach may not account for earlier AI or automation tools that could have been used prior to ChatGPT’s release, and may therefore overestimate the growth of AI-generated spam.]

The data used in the analysis (disclosed as spam sent to people in English-speaking countries) was supplied by Barracuda.

An example of A/B word comparisons of different spam emails to attempt to detect AI provenance.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
2024 Insider Threat Report: Trends, Challenges, and Solutions
Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
AI-Powered Cyber Ops: Redefining Cloud Security for 2025
The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
Data Management in the Age of Cloud and AI
In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper

Middle-sidebar-banner

Case Studies

Bangladesh LGED modernizes communication while addressing data security concerns
To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more
What AI worries keeps members of the Association of Certified Fraud Examiners sleepless?
This case study examines how many anti-fraud professionals reported feeling underprepared to counter rising AI-driven …Read more
Meeting the business resilience challenges of digital transformation
Data proves to be key to driving secure and sustainable digital transformation in Southeast Asia.Read more
Upgrading biometric authentication system protects customers in the Philippines: UnionDigital Bank
An improved dual-liveness biometric framework can counter more deepfake threats, ensure compliance, and protect underbanked …Read more

Featured

Web browsers that rank lowest for privacy protection

Featured

The impact of APAC’s AI buildout on cybersecurity in 2026

Featured