AI-written phishing emails look identical to real messages — no typos, no generic greetings, no obvious red flags. Here are 8 warning signs to check, and how TrustScan detects them automatically in Gmail.
For years, phishing awareness training taught people to look for obvious red flags: broken grammar, generic "Dear Customer" greetings, suspicious links with misspelled domains, and implausible stories. That training was effective — because those were the real characteristics of most phishing emails.
AI has eliminated every one of those red flags. ChatGPT, Claude, Gemini, and other large language models can produce phishing emails that are grammatically perfect, address you by your real first name, reference your actual employer, mention a realistic recent event, and match the tone and style of the organisation they impersonate. The email reads as genuine — because it was written by a sophisticated language model following the attacker's exact instructions.
The bad news is that most of the old manual checks are now unreliable. The good news is that AI-generated writing still carries detectable structural signals — patterns in sentence uniformity, vocabulary distribution, and phrase construction that distinguish machine output from genuine human writing. These signals are subtle enough that humans miss them under normal reading conditions, but an AI analysis engine can evaluate them in under 3 seconds.
These are the signals you can check manually. Signs 1–5 are contextual and behavioural. Signs 6–8 are structural — they require closer inspection and are harder to evaluate without tools.
**1. Unexpected contact that feels too legitimate.** AI-generated phishing often impersonates a brand, bank, or service you actually use — because attackers research targets before writing. If a message from PayPal, your bank, or a parcel carrier arrives without being triggered by something you did, be suspicious. Legitimate services don't send urgent account alerts out of nowhere.
**2. Urgency combined with a specific requested action.** AI language models are easily prompted to write "urgent" copy. The combination of time pressure ("your account will be suspended in 24 hours") and a specific requested action ("click here to verify", "call this number", "reply with your credentials") is a core manipulation tactic — and AI executes it more convincingly than human phishers because it uses appropriate language for the brand.
**3. A request that doesn't match the sender relationship.** A vendor you have never interacted with by email asking you to approve a payment. A colleague who normally sends short, informal Slack messages suddenly sending a detailed formal email requesting urgent wire transfer approval. A "CEO" email in your inbox when you've never received a direct email from that person before. Mismatches between the claimed sender and their normal communication pattern are strong signals.
**4. A sender or reply-to address that differs from the claimed sender.** Check the actual "From" field by hovering or expanding the sender details. AI-generated phishing often uses a display name that looks correct (e.g. "PayPal Security") while the actual sending domain is unrelated (e.g. paypal-security-alert.xyz). If the reply-to address differs from the sender address, the email is almost certainly fraudulent.
**5. A link destination that doesn't exactly match the claimed sender's domain.** Before clicking any link, hover over it (on desktop) to see the actual URL. An AI-generated phishing email from "Netflix" will link to a domain that is not netflix.com — often a convincing lookalike such as netflix-account-verify.com or a subdomain attack like account.netflix.fake-domain.co, where the domain that is actually registered is fake-domain.co and "netflix" is just a label the attacker chose. If the registered domain doesn't exactly match the expected sender, do not click.
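Signs 4 and 5 can be checked mechanically from the raw message. The following is an added example written for this article, not TrustScan's code: it parses the From and Reply-To headers, compares the sending domain and every link's registered domain against a hypothetical brand allow-list (an assumption of the example), and reports each mismatch on a constructed sample that reuses the page's example domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hypothetical brand allow-list (an assumption of this example): a brand named in
# the display name is expected to send from, and link to, one of these domains.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "netflix": {"netflix.com"}}


def registrable_domain(host: str) -> str:
    """Last two labels of a host, so account.netflix.fake-domain.co -> fake-domain.co.
    Simplified: production code should use the public suffix list (co.uk etc.)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_message(raw: str) -> list[str]:
    """Findings for signs 4 and 5 on one raw, single-part HTML message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = registrable_domain(from_addr.partition("@")[2])
    expected, findings = {from_dom}, []
    # Sign 4: the display name claims a brand whose real domain the sender does not use.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in from_name.lower():
            expected = domains
            if from_dom not in domains:
                findings.append(f"display name '{from_name}' but sending domain {from_dom}")
    # Sign 4: Reply-To steers replies somewhere other than the visible sender.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        findings.append(f"reply-to {reply_addr} differs from sender {from_addr}")
    # Sign 5: every link's registrable domain must be one of the expected domains.
    for href in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = urlsplit(href).hostname or ""
        if registrable_domain(host) not in expected:
            findings.append(f"link to {host} is outside {sorted(expected)}")
    return findings


# Constructed sample reusing the page's example domains; not a real message.
SAMPLE = """\
From: PayPal Security <alerts@paypal-security-alert.xyz>
Reply-To: recover@mail-relay.example
Subject: Action required within 24 hours
Content-Type: text/html

<p>Please <a href="https://account.paypal.fake-domain.co/verify">verify now</a>.</p>
"""
```

Running `check_message(SAMPLE)` yields three findings (brand/domain mismatch, differing Reply-To, and a link whose registered domain is fake-domain.co), while a genuine paypal.com message linking to www.paypal.com yields none.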
**6. Unusually perfect grammar from an informal sender.** If a colleague who normally writes casual, informal emails suddenly sends a flawlessly structured message with no contractions, no abbreviations, and unusually formal phrasing, it may have been drafted by an AI. This is subtle and easy to miss — most people don't consciously track the writing style of their regular contacts — but it is a real signal that something has changed.
**7. Overly structured and balanced writing for an urgent message.** AI language models tend to produce well-structured content with consistent paragraph length, clear transitions, and an organised logical flow — even when writing phishing emails. Human-written urgent emails are often rushed, slightly disorganised, and show the author's actual emotional state. An email that reads like polished marketing copy but claims to be an urgent personal alert is worth scrutinising.
**8. Contextually accurate detail that you can't independently verify.** AI-generated spear phishing often includes real-sounding details — your name, your company, a plausible transaction reference number, or a mention of a recent event — to build credibility. But the details are generated or scraped from public sources, not from a real relationship. If an email references something specific but you can't independently verify where that information came from, treat the email as suspicious.
Every characteristic that used to make phishing detectable has been removed by AI. Understanding the shift helps you recalibrate what to look for.
| Signal | Traditional phishing | AI-generated phishing |
|---|---|---|
| Grammar and spelling | ✓ Often poor — easy to spot | ✗ Flawless — no red flag |
| Personalisation / recipient's name | ✓ Generic — easy to spot | ✗ Targeted — uses real name and context |
| Tone and style match | ✓ Off-brand — noticeable | ✗ On-brand — matches the impersonated sender |
| Link destination | ✓ Obviously misspelled domain | ✗ Convincing lookalike or legitimate service |
| Detectable by eye | ✓ Usually — with training | ✗ Rarely — requires automated analysis |
| Detectable by TrustScan? | ✓ Yes | ✓ Yes |
The 8 manual checks above are useful — but they depend on noticing subtle signals under the reading conditions of a busy inbox. TrustScan evaluates every email automatically so you don't have to.
Add TrustScan to Chrome, Edge, or Brave from the Chrome Web Store in one click. No account required and no configuration needed. TrustScan is immediately active inside Gmail after installation.
When you open any email in Gmail, TrustScan automatically extracts the message body, sender details, embedded links, and images. This data is sent securely for analysis. You do not need to manually trigger a scan — it runs on every email, automatically.
TrustScan's backend uses a large language model to score the email across phishing risk, scam risk, AI-authorship likelihood, and overall threat level. The AI-authorship check evaluates structural signals that are not perceptible by human readers — writing uniformity, sentence-level entropy, vocabulary distribution, and LLM-characteristic phrasing patterns.
Within seconds, a colour-coded badge appears next to the email subject line. Green (80–100) means no significant threat signals. Amber (50–79) means proceed with caution. Red (0–49) means high risk — likely phishing or AI-generated scam content. Hover the badge for a plain-English explanation of the finding.
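To make the structural signals named in step 3 concrete, here is an added example (not TrustScan's model, whose features and thresholds are not published on this page) that computes three cheap proxies: sentence-length uniformity, type-token ratio, and word-level entropy. The threshold and both sample messages are constructed for the example.

```python
import math
import re
from statistics import mean, pstdev

# Assumed threshold for this example, not TrustScan's calibrated model.
UNIFORMITY_CV_THRESHOLD = 0.35


def sentence_lengths(text: str) -> list[int]:
    """Word count per sentence, splitting on sentence-final punctuation."""
    sentences = [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]
    return [len(s.split()) for s in sentences]


def structural_signals(text: str) -> dict[str, float]:
    """Cheap proxies for the three structural signals named on the page."""
    lengths = sentence_lengths(text)
    words = re.findall(r"[a-z0-9']+", text.lower())
    # Sentence uniformity: coefficient of variation of sentence length.
    # Evenly paced, polished prose scores low; rushed human writing scores high.
    length_cv = pstdev(lengths) / mean(lengths) if len(lengths) > 1 else 0.0
    # Vocabulary distribution: share of distinct words (type-token ratio).
    ttr = len(set(words)) / len(words) if words else 0.0
    # Word-level entropy in bits: how evenly the text spreads over its vocabulary.
    counts = {w: words.count(w) for w in set(words)}
    entropy = -sum(c / len(words) * math.log2(c / len(words)) for c in counts.values())
    return {"length_cv": length_cv, "type_token_ratio": ttr, "word_entropy": entropy}


def looks_uniform(text: str) -> bool:
    """True when sentence pacing is suspiciously even. A weak signal on its own:
    short emails give noisy estimates, and careful human writers exist too."""
    return structural_signals(text)["length_cv"] < UNIFORMITY_CV_THRESHOLD


# Constructed samples, not real messages: an evenly paced "urgent" alert and a
# rushed note from a colleague.
POLISHED = ("We have detected unusual activity on your account. To protect your "
            "information, we have temporarily limited access. Please verify your "
            "identity within 24 hours to restore full access. We appreciate your "
            "prompt attention to this matter.")
RUSHED = ("Hey, quick one. Can you approve the invoice before 3? Finance is on my "
          "case again and I'm stuck in meetings all afternoon, sorry for the chaos. "
          "Thanks!!")
```

On these inputs the polished alert has sentence lengths of 8, 9, 11 and 8 words (coefficient of variation about 0.14) and is flagged, while the rushed note (3, 7, 17 and 1 words, about 0.88) is not.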
If an email triggers any of the 8 warning signs above — or if TrustScan returns an amber or red score — take these steps before acting on the message.
There are contextual clues you can check manually — unexpected contact, a request that doesn't match the sender relationship, unusually perfect grammar, and urgency combined with a specific action. However, the most reliable method is automated analysis. TrustScan uses an AI engine to evaluate writing patterns, authorship signals, and intent across every email you open in Gmail — in under 3 seconds.
Traditional phishing is easy to spot: poor grammar, generic salutations, obvious urgency cues, and links to misspelled domains. AI-generated phishing has none of these flaws. It uses the recipient's real name, references genuine context, is grammatically perfect, and matches the tone of legitimate communication from the sender it impersonates. The result is a message that bypasses both spam filters and experienced human readers.
Sometimes — but not reliably. You might notice stylistic uniformity, unnaturally balanced sentence structure, or phrases that feel "too polished." But these impressions are subjective and easy to miss when reading quickly. The reliable approach is automated detection: TrustScan analyses structural writing signals not perceptible to human readers — sentence entropy, vocabulary distribution, and LLM-characteristic phrasing — and flags AI authorship within seconds.
Key warning signs include: unexpected contact that feels too legitimate; urgency combined with a specific requested action; a request that doesn't match the sender relationship; a reply-to address that differs from the sender; a link destination that doesn't exactly match the claimed sender's domain; unusually perfect grammar from an informal sender; overly structured and balanced writing for an urgent message; and contextually accurate detail that you can't independently verify. See our full breakdown of all 8 warning signs above.
When you open any email in Gmail, TrustScan automatically runs an AI analysis within 3 seconds — no manual action needed. A colour-coded badge appears next to the subject line: green (safe), amber (use caution), or red (high risk). Hover it for a plain-English explanation of exactly what was flagged. For the technical breakdown of how the AI reads writing signals and detects AI authorship, see how TrustScan's AI engine works →
Yes. TrustScan is a free Chrome extension that detects AI-generated phishing, scams, and fraud inside Gmail. The free tier includes 50 scans per month, covering AI-authorship detection, phishing detection, scam pattern analysis, and image analysis. No copy-pasting or separate tabs required — TrustScan scans each email automatically the moment you open it. See pricing details →