Published 24 May 2026 · ScamSupport research · ~9 minute read

For most of the last decade, the easiest filter you could apply to your inbox was the writing. A scam email gave itself away in the first sentence. The grammar was off, the greeting was generic, the syntax read like a textbook translation, and the brand voice was an obvious miss. “Dear Customer”, “Kindly to verify your account”, “Refund processing have been delayed”: a literate reader could spot the shape across a room. Most awareness training, and a meaningful slice of email filtering, leaned on exactly these tells.

That filter has stopped working. By 2026 any criminal with an API key and a credit card has access to fluent, brand-accurate, personalised English at a per-message cost that rounds to zero. The polished scam email is no longer the elite work of a sophisticated campaign; it is the new floor. This article looks at what changed, what hasn’t, and which checks still catch a phishing message when the writing reads as well as the real thing.

The two tells that died

Bad grammar. A native-fluent message used to take time, money or talent to produce at scale. Generative language models removed all three at once. The same model that drafts a perfectly serviceable cover letter will, on request, draft a perfectly serviceable account-verification request, in any UK English register the criminal wants. The reader-side rule “if it’s badly written, it’s a scam” was always probabilistic; in 2026 it is no longer even useful as a heuristic, because the polished version costs the criminal the same as the clumsy version did.

Generic greetings. “Dear Customer” still appears, but the more sophisticated end of the campaign space has moved past it. Breach data and broker leaks give criminals first names, postcodes, employer bands, and sometimes the last four digits of a card. A model then merges a target list with a lure template, and the message arrives with your actual name, an address that matches yours, and a brand you actually use. The personalisation isn’t perfect, but it doesn’t need to be perfect — only better than the obvious mass-mailshot it replaces.

What an AI-written phishing email looks like in 2026

The polished end of the campaign space now reliably produces messages with most of the following properties:

Read in isolation, a single message from a 2026 campaign will rarely declare itself as a scam. The defences that work are the ones that don’t rely on reading the message at all.

What didn’t change — and still catches it

Underneath the writing, a phishing message has to do a small number of structural things, and none of them depend on the prose. AI made the prose indistinguishable; it didn’t make the underlying mechanics indistinguishable. Four checks survive the rewrite.

The sender domain. The domain to the right of the @ in the sender address is the only part the criminal can’t fake. A real HMRC email ends @hmrc.gov.uk; a scam impersonating HMRC ends in something else, however convincing the rest of the message is. The decorative left-hand parts of the address, and the display name in front of it, can say anything, including “hmrc”. The real domain is always on the right. AI writes the body; the body has nothing to do with the sender domain.

The destination URL. Hover the link on a computer, or long-press it on a phone, and read the real destination. If the link text says amazon.co.uk/orders and the destination is amazon-orders-verify.click, it is fraudulent — regardless of how well-written the surrounding paragraph is. The criminal’s infrastructure still has to live somewhere they control, and the brand’s real domain is not somewhere they control.

The credential request. No legitimate company asks you, by email, for your password, your full card number, a one-time security code, or a “verification” payment. AI can polish the request and frame it in the brand’s most plausible voice; it cannot change the fact that no real bank or retailer asks for these things by email. The shape of the ask is the same whether the writing is fluent or clumsy.

The off-platform call to action. Every successful phishing message ends with you doing something the brand wouldn’t actually need you to do off its own real surface — logging into a page reached by the message’s link instead of by typing the URL, ringing a number printed in the message rather than the one on the back of your card, replying to confirm a code. If the action the message asks for would be unnecessary inside the brand’s real app, you are being routed.

Strip these four out of any phishing message and it stops being a scam. AI hasn’t altered any of them, and the reason is structural: a campaign built without any of them isn’t a phishing campaign — it’s a piece of fan mail.
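The sender-domain and destination-URL checks above are mechanical enough to script. The following is an added example, not code from the original article or from ScamSupport, that runs both checks over a constructed sample message: it takes the domain to the right of the @ in the From header (ignoring the display name), reduces hostnames to the part a registrant actually controls, and flags any link whose visible text names one domain while its href points at another. The lookalike domains, the sample message and the short list of two-label UK suffixes are all constructed for the example; a production checker would use the full Public Suffix List.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Two-label public suffixes where the registrable domain is one label deeper.
# Simplified stand-in for the Public Suffix List (assumption for this example).
TWO_LABEL_SUFFIXES = {"co.uk", "gov.uk", "ac.uk", "org.uk", "nhs.uk"}

# Constructed sample: display name and link text both say HMRC, the real
# sender and the real link target do not. Domains are invented for the example.
SAMPLE = """\
From: "HMRC Refunds" <hmrc.refunds@hmrc-gov-refund.example>
To: someone@example.net
Subject: Your tax refund is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your refund has been calculated. Review it at
<a href="https://hmrc-gov-refund.example/claim">hmrc.gov.uk/refund</a>.</p>
<p>Help: <a href="https://www.hmrc.gov.uk/help">www.hmrc.gov.uk/help</a></p>
</body></html>
"""


def registrable_domain(host: str) -> str:
    """Reduce a hostname to the part the registrant controls (e.g. amazon.co.uk)."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def sender_domain(msg) -> str:
    """The domain after the @ in the From header; the display name is ignored."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_mismatches(html: str) -> list:
    """Anchors whose visible text names one domain but whose href goes elsewhere."""
    parser = _LinkCollector()
    parser.feed(html)
    found = []
    for href, text in parser.links:
        real_host = urlparse(href).hostname or ""
        shown = re.match(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})", text)
        if shown and registrable_domain(shown.group(1)) != registrable_domain(real_host):
            found.append((text, real_host))
    return found


def assess(raw: str, brand_domain: str) -> dict:
    """Run the two structural checks against a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    sender = sender_domain(msg)
    return {
        "sender_domain": sender,
        "sender_matches_brand": registrable_domain(sender) == registrable_domain(brand_domain),
        "link_mismatches": link_mismatches(html),
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE, "hmrc.gov.uk").items():
        print(f"{key}: {value}")
```

Either finding on its own is enough to route the message to verification: a sender whose registrable domain is not the brand’s, or a link whose shown domain and real domain disagree. Neither check reads a word of the prose.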

The new tells that have started to emerge

The writing-quality tells have died, but they haven’t been replaced by nothing. Experienced eyes have started to pick out new ones, all subtler than the old ones, all best treated as cues to verify rather than as definitive proof.

The defender side — what’s actually working

It is easy to read all this and conclude defenders are losing, but the picture at the gateway is more mixed than the picture in the inbox suggests.

Email providers have brought their own AI to the fight. Spam-filter models now score every incoming message against patterns drawn from most of the world’s email, and the obvious end of AI-written phishing is increasingly caught before it lands. The campaigns that do reach your inbox are, by definition, the ones that beat that model — meaning what arrives is a smaller volume of higher-quality attempts than five years ago, not the same volume of slightly-better-written ones.

Sender authentication has continued to roll out. As UK consumer brands move to strict DMARC policies, impersonations of those brands from spoofed senders simply will not render in a compliant inbox. Coverage is uneven — big brands well-protected, the long tail much less so — but the pattern is in the right direction.
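Whether a brand’s spoofed mail “will not render” depends on the policy tag in its published DMARC record. The following is an added example, not code from the original article or from ScamSupport, that parses a DMARC TXT record (the tag=value syntax from RFC 7489) and reports what a compliant receiver does with a message that fails authentication for that domain. The records shown are constructed; the real one for any domain is the TXT record at `_dmarc.<domain>`.

```python
from typing import Dict

# Constructed records illustrating the coverage tiers the article describes.
STRICT_BRAND = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@brand.example"
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@brand.example"
PARTIAL_ROLLOUT = "v=DMARC1; p=quarantine; pct=25"
LOOSE_SUBDOMAINS = "v=DMARC1; p=reject; sp=none"


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC record into lower-cased tag -> value pairs."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags


def spoof_outcome(record: str, subdomain: bool = False) -> str:
    """Receiver action for a message that fails DMARC alignment for this domain.

    Returns one of: "no-dmarc", "delivered", "quarantine", "reject", or
    "<policy>-sampled-<pct>pct" when the policy applies to only a fraction
    of failing mail (the pct tag).
    """
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return "no-dmarc"          # absent or malformed record: nothing enforced
    # Subdomains follow sp= when present, otherwise inherit p=.
    if subdomain and "sp" in tags:
        policy = tags["sp"].lower()
    else:
        policy = tags.get("p", "none").lower()
    pct = int(tags.get("pct", "100"))
    if policy == "none":
        return "delivered"         # monitoring only: spoof still lands in the inbox
    if pct < 100:
        return f"{policy}-sampled-{pct}pct"
    return policy                  # "quarantine" (spam folder) or "reject" (bounced)


if __name__ == "__main__":
    for name, rec in [("strict", STRICT_BRAND), ("monitor", MONITOR_ONLY),
                      ("partial", PARTIAL_ROLLOUT), ("subdomain", LOOSE_SUBDOMAINS)]:
        print(f"{name:10} {spoof_outcome(rec, subdomain=(name == 'subdomain'))}")
```

Only `p=reject` (or `p=quarantine` at `pct=100`) gives the inbox-side protection the paragraph describes; a `p=none` record exists for reporting and lets the spoof through, and a `sp=none` tag reopens every subdomain of an otherwise strict brand. To check a real brand, run `dig TXT _dmarc.<domain>` and feed the returned string to `spoof_outcome`.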

The single most effective end-user defence sits below the writing entirely: a password manager. A modern password manager remembers the real domain a credential belongs to and refuses to auto-fill on a lookalike. It catches almost every credential-phishing attempt before the human can fall for it, because it never offers the stored password on the fake page at all. The polish of the message is irrelevant to a mechanism that doesn’t read it.

The honest closing

The polish is real, and it will keep getting better. AI rewrote the surface of the scam email and the writing-quality defences that rested on that surface have gone with it. What it didn’t rewrite is the structural shape of phishing — a sender domain that has to be wrong, a destination that has to be off-brand, a credential request that has to be asked, an off-platform action that has to be taken. Those four are the load-bearing pieces, and they remain checkable.

The practical conclusion for an ordinary reader is unglamorous: hover links before clicking them, type URLs rather than tapping them, use a password manager, and refuse to act on a request for credentials by email no matter how well the message reads. These habits, consistently applied, defeat the great majority of AI-era phishing — not because they out-think the model but because they sidestep it entirely. The model wrote the message; the model isn’t in the room when you decide what to do with it.

For the patterns AI phishing is currently using against UK inboxes by brand and channel, the cluster guide at Email Scams in 2026 is the practical companion. For the structural sibling to this article, focused on the campaign infrastructure rather than the writing, see Anatomy of a 2026 Phishing Campaign.
