Phishing and scams are evolving at a rapid pace… fueled by AI and other new technology…Scammers are using AI to create grammatically correct fake emails and texts, making them harder to spot.
By Nij Martin
Facebook accounts are once again under attack, but this time, the threats are powered by a new and terrifying force: artificial intelligence. While you’ve likely heard the classic advice about suspicious links, a new wave of scams is bypassing traditional warning signs to steal your information and compromise your entire social circle. This new reality means you need to re-evaluate how you interact with everything online, from your email to what you post on your social media feeds.
The recent warning from MalwareBytes highlights a phishing campaign that’s deceptively simple. Scammers are sending emails that say, “your Facebook account was logged into from a new device” or that “we’ve received a request to reset your password for Facebook Account!” What makes this different is that clicking the links inside—even “Report the user” or “unsubscribe”—doesn’t take you to a malicious website. Instead, it opens your own email program with a pre-addressed message, validating your email address as active and marking you for future, more targeted attacks.
As Facebook warns, these attacks are ultimately designed to “take control over an account or device,” which in turn can be used to target “other people you may know, including friends or family.” This is a key part of the modern threat landscape—hackers don’t just want your account; they want access to your network. A compromised account can quickly send malicious links to all your friends, who may be less suspicious coming from a known contact. As Forbes’ Frase notes, you might see a post “from someone you think you know,” but clicking the link can take you to a fake login page that steals your credentials.
But the new email scam is just one example of a much larger trend. Cybersecurity firm Kaspersky points out that “phishing and scams are evolving at a rapid pace” because they are “fueled by AI and other new technology.” Gone are the days when a typo or clumsy grammar was a surefire sign of a scam. With AI, attackers can craft perfectly worded emails that replicate official communications from brands like Google, Apple, or Microsoft. They can also create highly convincing fake websites and even “deepfakes, voice cloning and multi-stage tactics to steal biometric data and personal information.”
AI’s power lies in its ability to analyze massive amounts of open-source data from social media and corporate websites to create “highly tailored to a specific victim.” This level of personalization “dramatically increases the effectiveness of social engineering, making it difficult for even tech-savvy users to spot these targeted scams.”
This is why your online footprint is now more dangerous than ever. Every photo, post, or public-facing detail is data that can be used against you. As Kaspersky emphasizes, “Do not post photos of documents or sensitive work-related information, such as department names or your boss’s name, on social media.” The real threat isn’t just to you, but to your colleagues and your workplace.
The basic rules still apply: don’t click on links in unexpected messages, and critically evaluate any request for personal information. But now, you must add a new layer of vigilance. Be suspicious of any message that uses urgent language, even if it looks perfect. And remember that “any emails [Facebook] sends will come from one of these addresses: fb.com, facebook.com, facebookmail.com, meta.com, metamail.com.” The old tricks might no longer work, but staying informed and careful is the best defense against a new generation of threats.