I got a phishing email last month that genuinely fooled me for about 30 seconds. Personalized, correctly formatted, referencing a real vendor I use. This is the new baseline, and the old advice about "look for typos" is dangerously outdated.
Generative AI has eliminated the typo-and-broken-English tells that used to make phishing emails identifiable. Attackers now use LLMs to generate perfectly grammatical, contextually appropriate messages at scale. More concerning: spear phishing — targeted attacks using publicly available personal information from LinkedIn, company websites, and social media — has become cheap to automate. An attack that previously required hours of manual research can now be deployed in minutes.
Urgency framing: "Your account will be suspended in 24 hours" exists to prevent you from thinking carefully. Any email creating time pressure deserves extra scrutiny. Sender address inspection: the display name can say anything — look at the actual domain. A message from "Amazon Support" at amazon-support-billing.net is not from Amazon. Hover over any link before clicking — the destination URL should match the organization's actual domain exactly.
Hardware security keys (YubiKey) for critical accounts make phishing attacks that capture passwords useless — the key is cryptographically bound to the actual site domain. Email clients that display full sender addresses by default. Browser extensions that flag known phishing domains. And for organizations: DMARC, DKIM, and SPF records that prevent domain spoofing.
Call to verify anything unexpected involving money, credentials, or urgent action — using a number you find independently, not one provided in the message. This one step blocks almost all social engineering attacks regardless of how sophisticated the initial contact is.
My honest take: Assume every unexpected email is suspicious until you verify through a separate channel. That's not paranoia — it's just current reality.
From experience: In practice, the tools that actually save time are those you don't have to think about — they integrate naturally into your existing workflow rather than demanding a new one.
Research from Stanford HAI's 2024 annual report found that AI adoption in knowledge work increased productivity by an average of 14% among early adopters, though the range varied significantly by task type and implementation quality.
AI tools have real limitations that their marketing consistently underemphasizes. They hallucinate — confidently producing incorrect information — at rates that require verification for any consequential use. They reflect biases present in their training data. And they can create a false sense of productivity by generating output volume that exceeds actual useful output. The appropriate response is thoughtful integration, not either wholesale adoption or reflexive rejection.

Emily Chen is a technology journalist and former software engineer with 9 years of experience covering artificial intelligence, cybersecurity, and the technology industry. She writes with technical depth and honest asses...