- The researchers compared the spam of the era prior to the GPT, with which they arrived later
- Most unwanted mail messages today are generated by AI
- BEC electronic emails require more precision
The majority of the electronic spam emails that are sent today are being written by generative artificial intelligence (Genai), as affirmed by new research.
A Barracuda report has argued that cybercriminals are not using AI to change their attack tactics, but to refine them and make them more difficult to detect.
The study compared the emails sent before the appearance of Chatgpt (before November 2022), with those sent later, and noticed a significant change, that is, criminals are mainly using Genai in Spam.
Increased credibility
In April 2025, 51% of spam emails were generated by an AI, instead of a human, they determined.
“Most emails that are currently in the average garbage/spam folder may have been written by a large language model (LLM),” they explained
On the other hand, criminals do not seem so anxious to use AI in business email commitment attacks (BEC). According to researchers, these types of attack imply precision and are generally addressed to a higher person in an organization. As a result, in April 2025, only 14% of BEC attacks were generated by an AI.
As expected, messages generated by AI are better written. They have a higher level of formality, less grammatical errors and greater linguistic sophistication. Therefore, they seem more credible and professional for victims, which increases the probability of falling prey.
It also means that cyberactors whose native language is not English will be easier to aim at business in English -speaking countries. Finally, criminals seem to be using A/B, try different spam variants, trying to determine which writing variations best work in real -life environments.
The best way to defend against spam messages generated by AI is with email security solutions with AI. In the era before the GPT, one could detect phishing and spam simply running email: these messages were usually full of spelling and grammar errors, while the language was raw and out of place most of the time.
Since IA eliminated these red flags, an advanced email security solution, equipped with multicapa detection, enabled for AI/ml, is “crucial”, the researchers concluded.
