February 10, 2026

AI Scam Emails Are Fooling 54% of People - Microsoft’s 2025 Report Explains Why

Microsoft's 2025 report reveals AI phishing emails have a 54% click-through rate. Learn why they work and how to stay safe.

Scam emails are no longer easy to spot - and it’s not your fault.

According to the Microsoft Digital Defense Report 2025, AI-generated phishing emails now achieve a 54% click-through rate, compared to just 12% for traditional phishing attempts. That means more than 1 in 2 people click AI-written scam emails. (Source: Microsoft Digital Defense Report 2025)

📘 Full report: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Microsoft-Digital-Defense-Report-2025.pdf#page=1

📄 Executive summary (government & policy): https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/MDDR-2025-Government-Executive-Summary.pdf#page=1

These findings confirm what millions of users are experiencing daily: modern scams look real, sound legitimate, and bypass instinct.

---

Why AI scams are suddenly so effective

Microsoft describes AI as a “double-edged influence” - empowering defenders, while simultaneously enabling threat actors to scale scams with unprecedented speed and precision.

Key reasons AI phishing works so well in 2025:

  • Perfect grammar and tone (no obvious red flags)
  • Messages tailored using scraped personal or organisational data
  • Realistic urgency and authority (“account suspension”, “security alert”)
  • Automated generation at massive scale

Microsoft processes over 5 billion emails every day, yet even with this level of protection, AI-driven scams continue to reach inboxes worldwide.

This isn’t a spam-filter failure - it’s a fundamental shift in how attacks are executed.

---

Identity scams are the fastest-growing threat

One of the most critical findings in Microsoft’s executive summary is the sharp rise in identity-based attacks:

  • 32% increase in identity attacks in the first half of 2025
  • Heavy use of impersonation (email providers, employers, cloud platforms)
  • Focus on verification, password resets, and account access

Common examples include emails claiming to be from:

  • Microsoft / Outlook
  • Google
  • Employers or recruiters
  • Banks, toll providers, or delivery services

These messages are specifically designed to trigger fast, emotional responses - before rational checks occur.

---

Why inbox warnings aren’t enough anymore

Traditional spam detection relies on:

  • Known malicious domains
  • Sender reputation
  • Previously identified campaigns

AI phishing breaks these models by:

  • Generating new content for every message
  • Rotating infrastructure continuously
  • Mimicking legitimate business workflows

Microsoft highlights that attackers now combine social engineering with automation, making detection harder and user judgment more critical than ever.

This is why many scams:

  • Appear in the inbox
  • Avoid spam folders
  • Look indistinguishable from real emails

---

What Microsoft recommends - translated for everyday users

Microsoft’s guidance is written for enterprises and governments, but the core principle applies to everyone:

Always assume breach. Always verify.

For individuals, that means:

  • Don’t trust appearance alone
  • Don’t rely on urgency cues
  • Verify messages independently before clicking

This is exactly where tools like IsThisSpam.org help.

Instead of guessing, users can:

1. Paste an email, message, URL, or sender
2. Analyse language patterns, intent, and known scam signals
3. See why something is risky - not just a generic warning

In the age of AI scams, explanation matters as much as detection.
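
Independent verification can be made explainable by checking structural mismatches (who the message claims to be versus where it actually comes from and where its links go) instead of wording or sender reputation. The following is an added example, not code from IsThisSpam or Microsoft; the brand-to-domain map, the sample message and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative brand -> sending-domain map; a real list would be larger.
BRANDS = {"microsoft": {"microsoft.com", "outlook.com"}, "google": {"google.com"}}
URGENCY = re.compile(r"suspen|security alert|immediately|within \d+ hours", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTNAME = re.compile(r"[\w-]+(?:\.[\w-]+)+")

# Constructed sample message (reserved example.* domains), not a real email.
SAMPLE = '''From: "Microsoft Account Team" <security@account-alerts.example.net>
Reply-To: helpdesk@mail-support.example.org
Subject: Security alert
Content-Type: text/html

<p>Your account will be suspended within 24 hours.</p>
<a href="https://login.example.net/verify">https://account.microsoft.com/security</a>
'''

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the given domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def explain(raw):
    """Return human-readable reasons a message looks like impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    reasons = []
    for brand, domains in BRANDS.items():
        if brand in name.lower() and not under(sender, domains):
            reasons.append(f"display name claims {brand} but sender domain is {sender}")
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and reply != sender:
        reasons.append(f"replies go to {reply}, not {sender}")
    for href, text in LINK.findall(body):
        shown = HOSTNAME.search(text)
        opens = (urlparse(href).hostname or "").lower()
        if shown and not under(opens, {shown.group(0).lower()}):
            reasons.append(f"link shows {shown.group(0)} but opens {opens}")
    if URGENCY.search(body):  # weak signal: fluent AI-written mail can avoid it
        reasons.append("urgency wording in body")
    return reasons

if __name__ == "__main__":
    for reason in explain(SAMPLE):
        print("-", reason)
```

The first three checks do not depend on how well the message is written, which is why they still apply to fluent AI-generated mail; a differing Reply-To also occurs in legitimate mail, so treat it as corroborating rather than conclusive.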

---

Australia is directly affected

Microsoft’s global threat data places Australia among the most frequently targeted countries worldwide, alongside the United States, United Kingdom, and EU regions.

That aligns with the patterns we see daily at IsThisSpam:

  • Fake job offers
  • Account verification scams
  • Delivery and toll fraud
  • AI-written extortion and impersonation emails

These scams are not rare - they are systemic.

---

The new rule for 2025: check before you click

The Microsoft Digital Defense Report 2025 makes one thing clear:

AI scams don’t target careless people - they target everyone.

The safest habit today is simple:

  • Pause
  • Verify the message
  • Then decide

If something feels urgent, threatening, or “too real,” that’s precisely when verification matters most.

You can run a free check anytime at IsThisSpam.org.

---

Sources

  • Microsoft Digital Defense Report 2025 (Full Report): https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Microsoft-Digital-Defense-Report-2025.pdf#page=1
  • Microsoft Digital Defense Report 2025 – Government Executive Summary: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/MDDR-2025-Government-Executive-Summary.pdf#page=1
