Phishing emails used to be easier to identify. Bad spelling, strange formatting, suspicious links and clumsy wording often gave them away. But that’s changing quickly.
AI is making phishing emails more convincing, more personalised and much harder for busy teams to spot. Cyber criminals can now create emails that sound professional, look relevant and feel like normal business communication.
For SMEs, this creates a serious risk.
A phishing email only needs one person to click the wrong link, open a fake attachment or enter their Microsoft 365 login details. From there, attackers may be able to access emails, files, client data, supplier conversations and payment information. That’s why phishing protection is no longer just an IT issue. It’s a business security issue.
At Apex Computing, we help SMEs across Manchester and the North West strengthen their cyber security, protect Microsoft 365 and train their teams to spot threats before they become serious problems.
AI phishing is when cyber criminals use artificial intelligence to make scam emails, fake requests and malicious messages more believable. Instead of sending badly written generic emails, attackers can now create messages that sound natural, professional and specific to your business.
That could include:
This is especially dangerous for small and medium-sized businesses because teams are busy, people often cover multiple roles, and not every SME has dedicated cyber security support in-house.
AI removes many of the old warning signs. A scam email can now be well written, polite and convincing. It might not contain spelling mistakes. It might not look unusual. It might even sound like someone your team already knows. Cyber criminals can also use information from websites, LinkedIn, social media and public company updates to make emails feel more personal.
For example, a fake email might mention your company name, a senior member of your team, a recent project or a supplier relationship. That makes the message feel familiar, which increases the chance someone will trust it. This is where cyber awareness training needs to evolve. Staff can’t just be told to look for bad grammar anymore. They need to understand how modern phishing attacks work.
Apex’s Cyber Security Awareness Training helps employees recognise suspicious emails, fake login pages, social engineering and other common cyber threats.
For many SMEs, Microsoft 365 is at the heart of the business. It holds emails, calendars, Teams messages, SharePoint files, OneDrive documents and client information. That makes it a valuable target.
If an attacker gains access to one Microsoft 365 account, they may be able to:
This is why Microsoft 365 security needs to be actively managed. Strong protection should include multi-factor authentication (MFA), secure admin controls, email filtering, suspicious login monitoring, regular permission reviews and clear leaver processes.
Apex’s Microsoft 365 Managed Services help businesses reduce security gaps, improve visibility and make sure Microsoft 365 is configured properly.
AI phishing is becoming more sophisticated, but there are practical ways to reduce the risk.
MFA adds an extra layer of protection beyond passwords. If a password is stolen, MFA can help stop an attacker from accessing the account. It should be used across Microsoft 365, email, finance platforms, CRM systems, remote access tools and any system holding sensitive business data.
Email security tools can help block malicious links, suspicious attachments, impersonation attempts and spoofed domains before they reach your team. No tool will catch everything, but strong email security significantly reduced the number of dangerous messages employees need to deal with. Apex’s Managed Cyber Security Services help businesses monitor, protect and respond to cyber threats more proactively.
One-off training isn’t enough. Teams need regular, practical cyber security awareness training that reflects real threats. That includes AI phishing, fake Microsoft 365 login pages, supplier impersonation, invoice fraud, QR code scams and suspicious file-sharing links. The goal isn’t to scare staff. It’s to help them pause, check and report anything that doesn’t feel right.
Phishing becomes more dangerous when too many people have access to too much data. Businesses should regularly review who has access to SharePoint sites, Teams channels, OneDrive folders and admin settings. This is especially important before introducing tools like Microsoft Copilot, because AI can surface information that users already have permission to access.
Apex’s Microsoft Modern Workplace Solutions and Copilot Consultancy can help SMEs create a more secure, productive and well-managed Microsoft environment.
AI phishing often targets finance teams. A fake supplier email or payment change request can look very convincing. That’s why payment processes should never rely on email alone. Your business should have clear rules for verifying supplier bank detail changes, approving payments and checking urgent requests through another channel. A simple phone call using a known number could prevent a costly mistake.
AI phishing is harder to spot, but there are still signs your team should look out for.
Be cautious if a message:
The best habit is simple: pause before acting. A genuine request can usually wait a few minutes. A scam relies on speed.
AI is making phishing emails harder to spot, but your business doesn’t have to face that risk alone. With the right mix of cyber security tools, Microsoft 365 protection, staff training and proactive IT support, SMEs can reduce the risk and respond faster when something looks suspicious.
Apex Computing supports businesses across Manchester and the North West with Cyber Security Services, Cyber Security Awareness Training, Microsoft 365 Managed Services and Managed IT Services.
Worried your team could click on a convincing phishing email? Speak to our team of cyber experts today to review your phishing protection and strengthen your cyber security.