How to spot cyber threats in the age of AI

Artificial intelligence (AI) is changing the cyber security landscape. The National Cyber Security Centre (NCSC) points out that cyber criminals are “almost certainly already using AI to enhance existing tactics, techniques, and procedures”, making it easier for them to target vulnerable charities. Three in ten charities experienced a cyber breach or attack between 2024 and 2025, according to the UK Government’s 2025 Cyber Security Breaches Survey.  

 

While its overall impact on cyber security is an estimate, the NCSC also notes that AI “will almost certainly continue to make elements of cyber intrusion operations more effective and efficient, leading to an increase in frequency and intensity of cyber threats.”

 

So it is more important than ever that charities deepen their cyber awareness. Some basic rules for spotting cyber threats, though still applicable, may have changed in the age of AI. For example, spelling and grammar mistakes, once the obvious tell of a phishing email, are easier to eradicate using generative AI. Not to mention its ability to create more believable logos and images that may support the communication’s credibility. We must find more ways to remain alert to the threat.

 

 

Get the right tools in place

 

First, charities should ensure that they have robust cyber security software in place. Knowledge of cyber threats is essential but so is supporting that knowledge with systems in place to detect and act on cyber threats. Combining human oversight with cyber security software is the best defence against the increasing sophistication of cyber threats.

 

And it doesn’t have to break the bank. Charities can access Avast cyber security software at a discount through Charity Digital, making it easier and more cost-effective for the sector to protect itself against potential cyber attacks.

 

Avast has also developed its own AI tools to mitigate cyber threats, including the Scam Guard Pro, which is included in the Premium Business subscription. Its Avast Assistant is designed to analyse texts, emails, and links for signs of scams and acts as a helpful resource for users, answering their questions about cyber security.

 

You can find out more about Avast products – and how to access the charity discount – by clicking the button below.

 

Discover Avast 

 

 

Pause and verify

 

The rise of deepfakes is one of the most concerning aspects of AI and its impact on cyber security. Urgent messages purporting to be from the organisation’s leadership are already a common method of fraud, scaring people into acting quickly, without pausing to verify who the request is actually coming from.

 

Deepfakes – whereby cyber criminals can create videos and voice messages that look and sound like a specific person – have only compounded the issue, making it harder for employees to spot fraudulent requests.

 

Avast points to the example of car manufacturer Ferrari, who experienced this type of cyber attack in action after an executive received a voice message impersonating the CEO. Fortunately the scam was spotted – but the concern remains.

 

There are some quick rules to help mitigate the risk of deepfake-powered fraud, shared by Avast in its blog:

• Know the signs of AI: “Robotic or overly smooth voices, weird eye movement, and glitchy video quality should raise suspicion”
• Consider the likelihood:  Would the CEO usually come directly to you for this request? Would it be this urgent?
• Be wary of weird requests: “Asking for money, passwords, or any urgent action is a red flag”
• Use multi-factor authentication (MFA): Multi-factor authentication provides an extra level of security for accounts and systems, if passwords are breached
• Consider a “safe word”: Create a phrase for the organisation that verifies whether a request is legitimate. Other ways of verifying include ringing the person on a known number, email address, or messaging platform – critically not the one they have contacted you on

In all cases, the best thing to do when receiving a seemingly urgent request, out of the blue, is take a pause to verify it. Creating a sense of urgency and authority have long been tactics in the cyber criminal’s playbook – while AI may have added an extra layer to this, there are still ways to prevent it from working.

 

 

Follow the red flags

 

Indeed, as much as AI has augmented cyber threats, many of the same tactics apply and it is possible to spot them in the wild. Citizens Advice Lancashire West shares its list of common signs, including:

• Urgency and emotion to bypass logic
• Off visuals – blurry logos, mismatched lipsyncing, odd backgrounds where elements are misaligned
• Unnatural voice patterns
• Excuses not to receive calls, such as poor signal
• Unusual payment requests

The organisation supplies a handy security checklist, advising that people take the time to verify unusual messages, pause before they click unknown links, and enable two-factor authentication to maintain cyber security even if passwords are compromised. It also recommends what to do if you do spot a threat: Stop responding.

 

Change passwords. Report suspicious activity to the relevant platform and authority (e.g. Report Fraud).

 

It is daunting to hear that AI will increase the volume and enhance the tactics of cyber attacks. But there are plenty of resources out there to help charities.

 

As well as offering discounts on their tech through Charity Digital, Avast  has a blog that shares advice on the most up-to-date cyber threats and tactics – including information on deepfakes – and how to mitigate them. 

 

Charities can find more information about cyber security in the age of AI on the Avast website.

 

Discover Avast products