Students studying on laptops

AI-Enabled Phishing & Social Engineering

April 20, 2026

Artificial intelligence is rapidly changing the cybersecurity landscape — and phishing attacks are becoming more sophisticated, targeted, and harder to detect. Universities rely on frequent email communication and digital collaboration, making phishing one of the most effective entry points for attackers. AI tools allow cybercriminals to generate convincing messages in seconds, increasing the likelihood that even cautious users may be deceived.  

These tools can be tailored messages using publicly available information from websites, social media, and university directories, that make scams feel personalized and credible. Recent research indicates that most people still struggle to accurately identify AI-generated phishing emails. Unlike traditional phishing campaigns that cast a wide net, AI enables highly targeted “spear-phishing” attempts directed at specific individuals, departments, or roles — such as finance teams, researchers, or student employees. 

In 2025, research showed Gen Z users were among the most likely to engage with social engineering attacks — including clicking malicious links or opening unsafe attachments. This underscores that growing up with technology does not automatically translate into strong cybersecurity awareness. As AI continues to evolve, staying alert, questioning unexpected requests, and practicing safe digital habits are more important than ever across all generations within our campus community. 

Current Events & Trends 

  • Cybercriminals use AI to craft highly realistic emails and messages. 
  • Messages often create urgency (e.g., “urgent payment,” “account suspension,” “document review”). 
  • Emerging tactics include voice cloning and deepfake-style fraud targeting leadership and finance teams. 
  • Attackers increasingly attempt to steal login credentials to access email, payroll, and cloud systems. 

Recommended Prevention & Tips 

  • Pause and verify unexpected or urgent requests — especially those involving payments or credentials. 
  • Check sender email addresses carefully for subtle misspellings or unusual domains. 
  • Never share passwords or approve MFA push notifications without reviewing them. 
  • Report suspicious emails to spam@richmond.edu. 

Training Resources 

Cybersecurity is a shared responsibility. Together we can stay SpiderSecure and protect the web.