Dark Experiment · 2026-02-05 · 6 min read

Experiment 002: The AI phishing campaign that cost us £0

We built a fully personalised phishing campaign targeting 50 people using only ChatGPT and LinkedIn. Total cost: £0. Build time: six hours. Click-through rate: 34%. Industry average across all phishing types: 3%. This is the full methodology, the exact results, and the three things that actually stop it.

Why AI changed this

Phishing has always worked. What changed is the economics. Before AI, a human attacker could personalise 10 to 20 emails per day — limited by the time needed to research each target. After AI, the same attacker personalises 10,000. Each email written to the recipient's specific role, their recent LinkedIn activity, their company's current projects, and the communication style their colleagues actually use. The barrier to a sophisticated targeted phishing campaign is now an afternoon and a free account.

The intelligence phase

For each of 50 targets, we collected from public sources: job title, tenure, recent LinkedIn posts, company announcements, tech stack inferred from job ads, and current company initiatives from press and executive posts. Average time per target: four minutes. We also checked Companies House for ownership structure and financial health. No paid tools. No special access. A browser and 240 minutes of total work.

The scale problem

This does not stop at 50 targets

What took us six hours to build for 50 targets could run continuously for 5,000 with identical marginal cost. The intelligence-gathering can be automated. The email generation is already automated. The bottleneck is not the AI — it's the afternoon you spend building the first version. After that, it runs unsupervised.

The email generation

For each target, their profile data went to GPT-4 with a system prompt specifying: match their apparent seniority, reference their specific role and current company context, include a plausible urgency trigger (vendor invoice, compliance deadline, IT account verification), and avoid every obvious signal associated with generic phishing. We registered lookalike domains for £8 each and sent from addresses like it-support@[company-with-one-letter-changed].co.uk. None of the emails triggered spam filters.

Click-through rate: 34%
Industry average: 3%
Credential entry rate: 62%
Total cost: £0

34% of targeted recipients clicked the phishing link. Industry average for all phishing: approximately 3%. AI-personalised spear phishing averages 7 to 9% in documented studies. Our campaign averaged 34%. Of those who clicked, 62% entered at least partial credentials. We recorded nothing. We stopped the experiment at that point and disclosed immediately to all participants and their organisations.

Scope note

What we did not do

This ran as part of agreed security awareness assessments. All participants were informed after the campaign concluded. No credentials were stored. No systems were accessed beyond logging whether a link was clicked. The purpose was to measure exposure, not exploit it.

What stops it

Three controls, in order of impact. First: DMARC with p=reject — not p=none, which only monitors and blocks nothing. Check your current DMARC record. If it says p=none or doesn't exist, fix it today. Second: multi-factor authentication on every system that accepts a password. With MFA enforced, a stolen password on its own is a non-event. Third: phishing simulations that use AI-personalised emails — not the generic templates from five years ago. You cannot train people to resist an attack they've never seen.

Three actions

Do these in order, this month

1. Check your DMARC record at mxtoolbox.com — if it's p=none or missing, set it to p=reject.
2. Enable MFA on email, finance systems, and CRM — everything that holds data or authorises transactions.
3. Run an AI-personalised phishing simulation quarterly. Not annually. Quarterly. The threat updates monthly.
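The DMARC check in step 1, as an added example that is not part of the original post: paste in the TXT record published at _dmarc.<your-domain> (what mxtoolbox.com or `dig TXT _dmarc.example.co.uk` returns) and the function reports whether p=reject is actually in force, including the gaps a bare "p=reject" can hide (pct below 100, sp=none on subdomains, no reporting address). The sample records and the example.invalid addresses are constructed.

```python
def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=none; rua=...' into a lower-cased tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: "str | None") -> dict:
    """Judge a DMARC TXT record against the post's target: p=reject, no gaps."""
    if not record:
        return {"policy": None, "enforced": False,
                "findings": ["no DMARC record: spoofed mail is not blocked"]}
    tags = parse_dmarc(record)
    findings = []
    valid = tags.get("v", "").upper() == "DMARC1"
    if not valid:
        findings.append("record does not start with v=DMARC1; receivers ignore it")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag; receivers treat the record as absent")
    elif policy == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine junks spoofed mail; move to p=reject once reports are clean")
    # pct= defaults to 100; a lower value leaves a slice of spoofed mail unfiltered.
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    if policy in ("quarantine", "reject") and pct < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    # sp= governs subdomains and defaults to p=; sp=none reopens them to spoofing.
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can still be spoofed")
    if "rua" not in tags:
        findings.append("no rua= address: you get no reports of who is spoofing you")
    # 'enforced' means receivers act on every failing message, subdomains included.
    enforced = valid and policy in ("quarantine", "reject") and pct == 100 and sub_policy != "none"
    return {"policy": policy or None, "enforced": enforced, "findings": findings}


if __name__ == "__main__":
    # Constructed sample records; example.invalid is a reserved, non-routable name.
    for label, rec in [("missing", None),
                       ("monitor-only", "v=DMARC1; p=none; rua=mailto:dmarc@example.invalid"),
                       ("partial", "v=DMARC1; p=reject; pct=25; sp=none"),
                       ("target", "v=DMARC1; p=reject; rua=mailto:dmarc@example.invalid")]:
        print(label, assess_dmarc(rec))
```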

The uncomfortable conclusion

Attackers updated their tools. Most defences didn't. Organisations running phishing awareness training from 2018 are defending against a different attack than the one currently running against them. The gap is real, measurable, and widening. The good news: the defences are cheap and well-understood. This is an attention problem, not a budget problem. Most of this is fixable in 30 days.