CTI Swarm
PROOFPOINT

AI-generated phishing: a measurable inflection point in click-through rates

Strategic Summary

Proofpoint analyzed 40 million simulated phishing interactions and identified an early-2026 inflection point: LLM-generated phishing achieves 2.7× the click-through rate of human-written templates. Attackers use LLMs for contextual personalization (LinkedIn, internal events), pushing click-through on hyper-targeted lures to 38% — 8× baseline. User-awareness training alone is insufficient; defenders need URL rewriting, browser isolation, and post-click detection.

Key Findings

  • LLM-generated phishing now achieves 2.7× the click-through of human-written templates.
  • Internal-event-referencing lures hit 38% click-through — 8× baseline.
  • Foreign-language tells are gone; attackers use LLMs for fluency and contextual personalization.
  • User-awareness training alone cannot close the gap at this attack quality.
  • Defend with URL rewriting, browser isolation, and post-click credential-phishing detection.

Full Text

Proofpoint's threat research team analyzed approximately 40 million simulated phishing interactions across enterprise customers between Q3 2024 and Q1 2026. The data shows a clear inflection point in early 2026: phishing emails with linguistic markers consistent with large-language-model generation achieve click-through rates 2.7× higher than human-written templates of comparable intent.

The shift correlates with broader availability of LLM APIs without strong content filters, particularly through grey-market resellers. Attackers use LLMs not just for translation — which removes the historical 'foreign-language tells' — but for contextual personalization: pulling LinkedIn data, internal calendar leaks, and public press releases to generate lures that reference plausibly correct internal context.

Most striking: phishing emails that reference a specific recent internal event achieve a 38% click-through rate in our simulated cohort, more than 8× the baseline. Defenders cannot rely on user awareness training alone to close this gap.

We recommend layered controls: aggressive URL rewriting at the gateway, browser-isolation for suspicious links, and continuous credential-phishing detection on the post-click path rather than only at the message ingestion layer.
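The gateway URL rewriting and post-click detection recommended above, as an added illustration that is not Proofpoint's code or product logic: links in the message body are rewritten to a click-time gateway that carries the original target plus an HMAC, and the gateway applies the current block list when the user clicks, so a host that was unknown at ingestion but blocked later is still stopped. The gateway host, the signing key and the block list are constructed for this example.

```python
import hashlib
import hmac
import re
from typing import Iterable, Optional
from urllib.parse import parse_qs, quote, urlparse

# Constructed values for this example (hypothetical gateway host and key).
# A production gateway keeps the signing key in a secrets store, not in source.
GATEWAY = "https://safelinks.example.invalid/click"
SIGNING_KEY = b"example-only-signing-key"


def _sign(url: str) -> str:
    """HMAC-SHA256 over the original URL so the click-time endpoint can reject forged tokens."""
    return hmac.new(SIGNING_KEY, url.encode("utf-8"), hashlib.sha256).hexdigest()


def rewrite_links(html: str) -> str:
    """Ingestion side: replace every http(s) href in the message body with a
    gateway URL that carries the original target and its signature."""
    def _replace(match: "re.Match[str]") -> str:
        original = match.group(2)
        return f'{match.group(1)}{GATEWAY}?u={quote(original, safe="")}&t={_sign(original)}"'
    return re.sub(r'(href=")(https?://[^"]+)"', _replace, html)


def resolve_click(gateway_url: str, blocked_hosts: Iterable[str] = ()) -> Optional[str]:
    """Click time: verify the token, then apply the *current* block list.
    Returns the original URL to redirect to, or None to block the click."""
    params = parse_qs(urlparse(gateway_url).query)
    original = params.get("u", [None])[0]
    token = params.get("t", [None])[0]
    if original is None or token is None:
        return None  # not a link this gateway issued
    if not hmac.compare_digest(token, _sign(original)):
        return None  # forged or tampered token: do not forward anywhere
    if urlparse(original).hostname in set(blocked_hosts):
        return None  # verdict reached after delivery still applies at click
    return original
```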