Google, in its latest Fraud & Scams Advisory, separately highlighted the evolution of traditional phishing into Adversary-in-the-Middle (AITM) and QR-code phishing attacks while documenting growing abuse of trusted cloud services, AI-driven investment scams, and impersonation campaigns.
While Microsoft’s advisory focuses on AI-branded lures and Google’s examines broader fraud trends, both point to attackers evolving established social-engineering techniques to match the growing role AI plays in everyday enterprise workflows rather than relying solely on technical exploits.
AI lures move into the mainstream
“Threat actors are quick to capitalize on highly anticipated launches or emerging trends, leveraging trusted branding and exploiting user curiosity to improve the success rates of their campaigns,” Microsoft said in the advisory. The company added that despite the AI branding, the campaigns continue to rely on “longstanding tactics” such as urgency-driven messaging, abuse of trusted services, and multi-stage redirection chains.
Microsoft argued that AI-themed campaigns are becoming more than opportunistic attacks. “AI-themed lures reflect a shift in social engineering that is likely to persist as a long-term tactic used by threat actors, from cybercriminal groups to nation states,” the advisory said, citing campaigns that used ChatGPT-themed subscription renewal emails and fake DeepSeek V4 repositories employing stolen branding and search optimization to distribute Vidar Stealer malware.
