How AI is Making Phishing Emails Harder to Spot for SMEs

May 7, 2026

News by Apex Computing

Phishing emails used to be easier to identify. Bad spelling, strange formatting, suspicious links and clumsy wording often gave them away. But that’s changing quickly.

AI is making phishing emails more convincing, more personalised and much harder for busy teams to spot. Cyber criminals can now create emails that sound professional, look relevant and feel like normal business communication.

For SMEs, this creates a serious risk.

A phishing email only needs one person to click the wrong link, open a fake attachment or enter their Microsoft 365 login details. From there, attackers may be able to access emails, files, client data, supplier conversations and payment information. That’s why phishing protection is no longer just an IT issue. It’s a business security issue.

At Apex Computing, we help SMEs across Manchester and the North West strengthen their cyber security, protect Microsoft 365 and train their teams to spot threats before they become serious problems.

What is AI phishing?

AI phishing is when cyber criminals use artificial intelligence to make scam emails, fake requests and malicious messages more believable. Instead of sending badly written generic emails, attackers can now create messages that sound natural, professional and specific to your business.

That could include:

  • A fake invoice from a supplier
  • A Microsoft 365 login alert
  • A payment change request
  • A message pretending to be from a director
  • A fake SharePoint or OneDrive file link
  • A realistic HR or payroll email
  • A follow-up message that appears to continue a real conversation

This is especially dangerous for small and medium-sized businesses because teams are busy, people often cover multiple roles, and not every SME has dedicated cyber security support in-house.

Why AI makes phishing emails harder to spot

AI removes many of the old warning signs. A scam email can now be well written, polite and convincing. It might not contain spelling mistakes. It might not look unusual. It might even sound like someone your team already knows. Cyber criminals can also use information from websites, LinkedIn, social media and public company updates to make emails feel more personal.

For example, a fake email might mention your company name, a senior member of your team, a recent project or a supplier relationship. That makes the message feel familiar, which increases the chance someone will trust it. This is where cyber awareness training needs to evolve. Staff can’t just be told to look for bad grammar anymore. They need to understand how modern phishing attacks work.

Apex’s Cyber Security Awareness Training helps employees recognise suspicious emails, fake login pages, social engineering and other common cyber threats.

Why Microsoft 365 is a major target

For many SMEs, Microsoft 365 is at the heart of the business. It holds emails, calendars, Teams messages, SharePoint files, OneDrive documents and client information. That makes it a valuable target.

If an attacker gains access to one Microsoft 365 account, they may be able to:

  • Read confidential emails
  • Access shared files
  • Send convincing messages from a real account
  • Create hidden forwarding rules
  • Monitor payment conversations
  • Target clients, suppliers or colleagues
  • Reset passwords for other systems

This is why Microsoft 365 security needs to be actively managed. Strong protection should include multi-factor authentication (MFA), secure admin controls, email filtering, suspicious login monitoring, regular permission reviews and clear leaver processes.
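
One monitoring check that follows from the list above is flagging mailbox rules and settings that forward mail outside the business. This is an added example, not code from the original article or from Apex; the audit records are constructed samples shaped like Exchange Online audit events, and `example-sme.co.uk` and every address in them are assumptions.

```python
import json

# Assumption: domains the business owns; any other domain counts as external.
INTERNAL_DOMAINS = {"example-sme.co.uk"}

# Exchange Online operations and the parameters on them that send mail elsewhere.
RULE_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
WATCHED = {"New-InboxRule": RULE_PARAMS, "Set-InboxRule": RULE_PARAMS,
           "Set-Mailbox": {"ForwardingSmtpAddress"}}

# Constructed sample records (not real log data), shaped like audit events.
SAMPLE_AUDIT = json.loads("""[
 {"Operation": "New-InboxRule", "UserId": "finance@example-sme.co.uk",
  "Parameters": [{"Name": "Name", "Value": "."},
                 {"Name": "ForwardTo", "Value": "inbox@collector.example"},
                 {"Name": "MarkAsRead", "Value": "True"}]},
 {"Operation": "Set-Mailbox", "UserId": "director@example-sme.co.uk",
  "Parameters": [{"Name": "ForwardingSmtpAddress",
                  "Value": "smtp:pa@example-sme.co.uk"}]},
 {"Operation": "New-InboxRule", "UserId": "sales@example-sme.co.uk",
  "Parameters": [{"Name": "MoveToFolder", "Value": "Archive"}]},
 {"Operation": "Set-InboxRule", "UserId": "accounts@example-sme.co.uk",
  "Parameters": [{"Name": "RedirectTo",
                  "Value": "ap@example-sme.co.uk;ap@outside.example"}]}
]""")

def external_targets(value):
    """Return the addresses in a parameter value that are outside the business."""
    found = []
    for addr in value.lower().replace("smtp:", "").split(";"):
        addr = addr.strip()
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def find_external_forwarding(records):
    """List (user, parameter, target) for every forward that leaves the business."""
    findings = []
    for rec in records:
        watched = WATCHED.get(rec.get("Operation"), set())
        for param in rec.get("Parameters", []):
            if param["Name"] in watched:
                for target in external_targets(param["Value"]):
                    findings.append((rec["UserId"], param["Name"], target))
    return findings

if __name__ == "__main__":
    for finding in find_external_forwarding(SAMPLE_AUDIT):
        print(finding)
```

Rules created through mail clients can be logged under other operations, so treat this as one check rather than complete coverage.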

Apex’s Microsoft 365 Managed Services help businesses reduce security gaps, improve visibility and make sure Microsoft 365 is configured properly.

How SMEs can reduce the risk of AI phishing

AI phishing is becoming more sophisticated, but there are practical ways to reduce the risk.

1. Turn on multi-factor authentication (MFA)

MFA adds an extra layer of protection beyond passwords. If a password is stolen, MFA can help stop an attacker from accessing the account. It should be used across Microsoft 365, email, finance platforms, CRM systems, remote access tools and any system holding sensitive business data.

2. Strengthen email security

Email security tools can help block malicious links, suspicious attachments, impersonation attempts and spoofed domains before they reach your team. No tool will catch everything, but strong email security significantly reduces the number of dangerous messages employees need to deal with. Apex’s Managed Cyber Security Services help businesses monitor, protect and respond to cyber threats more proactively.

3. Train your team regularly

One-off training isn’t enough. Teams need regular, practical cyber security awareness training that reflects real threats. That includes AI phishing, fake Microsoft 365 login pages, supplier impersonation, invoice fraud, QR code scams and suspicious file-sharing links. The goal isn’t to scare staff. It’s to help them pause, check and report anything that doesn’t feel right.

4. Review Microsoft 365 permissions

Phishing becomes more dangerous when too many people have access to too much data. Businesses should regularly review who has access to SharePoint sites, Teams channels, OneDrive folders and admin settings. This is especially important before introducing tools like Microsoft Copilot, because AI can surface information that users already have permission to access.

Apex’s Microsoft Modern Workplace Solutions and Copilot Consultancy can help SMEs create a more secure, productive and well-managed Microsoft environment.

5. Create clear payment approval processes

AI phishing often targets finance teams. A fake supplier email or payment change request can look very convincing. That’s why payment processes should never rely on email alone. Your business should have clear rules for verifying supplier bank detail changes, approving payments and checking urgent requests through another channel. A simple phone call using a known number could prevent a costly mistake.

The key warning signs to watch for

AI phishing is harder to spot, but there are still signs your team should look out for.

Be cautious if a message:

  • Creates urgency
  • Requests payment or bank detail changes
  • Asks for login details
  • Includes an unexpected file link
  • Bypasses normal processes
  • Comes from a slightly unusual email address
  • Feels out of character
  • Asks for secrecy
  • Arrives at a suspiciously convenient time

The best habit is simple: pause before acting. A genuine request can usually wait a few minutes. A scam relies on speed.
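
The "slightly unusual email address" sign can be checked mechanically from the message headers, even when the wording of the email is flawless. The following is an added example, not code from the original article or from Apex; the trusted domains and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the business really deals with (constructed names).
TRUSTED_DOMAINS = {"example-sme.co.uk", "northwest-supplies.example"}

# Constructed sample message (not a real email). The sender domain swaps a
# lowercase "l" for a capital "I", which looks the same in many fonts.
SAMPLE = """\
From: "Northwest Supplies Accounts" <accounts@northwest-suppIies.example>
Reply-To: accounts.nws@freemail.example
To: finance@example-sme.co.uk
Subject: Updated bank details

Please use the new account for this month's invoice.
"""

def edit_distance(a, b):
    """Levenshtein distance, enough to catch one or two changed characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def sender_flags(raw):
    """Return the header-based warning signs found in one raw message."""
    msg = message_from_string(raw)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    flags = []
    if sender not in TRUSTED_DOMAINS:
        near = [d for d in sorted(TRUSTED_DOMAINS)
                if 0 < edit_distance(sender, d) <= 2]
        if near:
            flags.append(f"lookalike of {near[0]}")
    if reply and reply != sender:
        flags.append(f"replies go to {reply}")
    return flags

if __name__ == "__main__":
    print(sender_flags(SAMPLE))
```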

Protect your business from AI phishing

AI is making phishing emails harder to spot, but your business doesn’t have to face that risk alone. With the right mix of cyber security tools, Microsoft 365 protection, staff training and proactive IT support, SMEs can reduce the risk and respond faster when something looks suspicious.

Apex Computing supports businesses across Manchester and the North West with Cyber Security Services, Cyber Security Awareness Training, Microsoft 365 Managed Services and Managed IT Services.

Worried your team could click on a convincing phishing email? Speak to our team of cyber experts today to review your phishing protection and strengthen your cyber security.

Apex Computing

At Apex Computing Services, we’ve been growing with our customers since 2003 and now have a team of 20 highly professional and experienced technical engineers covering all aspects of IT Support, Cloud Solutions, IT Infrastructure, Business Continuity, compliance towards GDPR and Cyber Security.