It is increasingly difficult to distinguish a real email from a fraudulent one. Artificial intelligence is allowing cybercriminals to generate messages that very precisely imitate the communications of banks, insurance companies or energy companies, which is causing an increase in phishing and – consequently – claims related to this type of fraud.
At first, cybercriminals who used this phishing tactic were easily identified by writing errors, use of inappropriate language by the sender, or requesting really suspicious tasks from the client. Today, however, artificial intelligence tools make it possible to generate emails and messages that are practically indistinguishable from those sent by legitimate companies, which significantly increases the effectiveness of these attacks.
The impact of the phenomenon is already visible in the figures. According to data from the Ministry of the Interior, more than 460,000 cybercrimes were recorded in Spain in 2024, the majority related to computer scams and digital fraud. Phishing continues to be one of the most used techniques to obtain user credentials, personal data or banking information.
The National Cybersecurity Institute (INCIBE) detects tens of thousands of incidents related to online fraud every year, many of them based on identity theft from well-known companies with the aim of generating trust in the victim.
Artificial intelligence is amplifying this phenomenon. Fraudulent messages can be generated automatically, adapt to the user’s profile and even accurately replicate the tone, use of certain words and communication style of a specific entity, making it difficult for the consumer to distinguish between a legitimate communication and an attempted fraud.
When identity theft reaches court
And phishing is not just a technological problem. Increasingly it is also becoming a legal problem. Because when a scam occurs through a communication that appears to come from a legitimate company, the conflict usually ends in a claim or even in court. In these cases, the legal debate usually focuses on determining whether the entity whose identity has been used adopted sufficient measures to prevent impersonations or offer verifiable communication channels with its clients.
In recent years, claims related to digital fraud have multiplied, especially in the banking field. For this reason, the courts are analyzing with increasing detail the degree of diligence required of entities to protect users against this type of attacks.
Although each case depends on its specific circumstances, some judicial pronouncements already point to a clear trend: when the fraudulent communication is especially credible and the user acts with reasonable confidence that they are interacting with a legitimate company, the legal analysis focuses on whether the affected entity had adopted appropriate measures to avoid this type of impersonation or to facilitate verifiable communication channels.
The authenticity of digital communications, the challenge for companies
Given this scenario, many companies are reviewing how they send certain messages to their customers.
“It is not enough to send an email. It is increasingly important for a company to be able to demonstrate that a communication really comes from it and that its content has not been manipulated,” explains José Javier Meizoso Fernández, CEO of Legalpin, a company specialized in certified and encrypted digital communications.
This explains the growing interest in systems that make it possible to prove the authenticity of a digital communication, certify its content and protect it through encryption, especially in sectors where trust is critical, such as finance, insurance or energy.
Artificial intelligence tools make it possible to generate emails and messages that are practically indistinguishable from those sent by legitimate companies.
“When a client receives an important message from their bank or insurer, they should be able to be certain that this message is authentic and that it has not been manipulated. These types of guarantees are beginning to be essential in an environment where digital impersonation is increasingly sophisticated,” adds Meizoso.
These types of systems make it possible to prove the content, sending and receiving of a communication while the message remains protected by encryption, thus reducing the risk of impersonation or manipulation.
For companies, the challenge is to reinforce their official communication channels with systems that allow authentic messages to be clearly identified and prevent customers from being victims of impersonation.
José Javier Meizoso Fernández, CEO of Legalpin
