NCSC warns of rising AI-powered phishing campaigns

The UK’s National Cyber Security Centre reports a sharp increase in AI-generated phishing attacks targeting SMEs, urging businesses to review email security protocols.

The Threat Is Evolving Fast

Traditional phishing was easy to spot: awkward grammar, generic greetings, obvious urgency. AI-generated phishing has changed the game entirely. Attackers can now produce highly personalised, grammatically flawless emails at scale — referencing real colleagues, recent projects, and company-specific context scraped from LinkedIn and company websites.

Why SMEs Are Disproportionately Targeted

Large enterprises typically have dedicated security teams, advanced email filtering, and regular staff training. SMEs often don’t. The NCSC’s warning reflects an uncomfortable reality: attackers are increasingly targeting smaller businesses precisely because the defences are thinner and the potential for a successful social engineering attack is higher.

What You Should Do Now

Reviewing email security protocols is a start, but it’s not enough on its own. Businesses should ensure multi-factor authentication is enforced across all accounts, that staff receive regular (and realistic) phishing simulation training, and that there is a clear process for reporting suspicious emails. The Diixtra perspective: this threat is not hypothetical — it is active and growing. If you haven’t reviewed your email security posture in the last 12 months, that review is overdue.