Proofpoint warns AI scams are rising as attacks target people
Proofpoint has issued a warning about the growing threat of scams enabled by artificial intelligence during Scams Awareness Week, stressing the importance of a human-centric approach to safeguarding organisations and individuals.
Adrian Covich, Vice President, Systems Engineering, APJ, at Proofpoint, highlighted that rapid technological changes have introduced new risks in the way scams are conducted. Covich stated,
"As we mark Scams Awareness Week in a rapidly advancing AI-driven landscape, it's essential to recognise and address the emerging risks posed by new technologies. Today's scams are more targeted, more convincing, increasingly powered by artificial intelligence and exploiting human behaviour at scale."
Covich further elaborated on the current trends observed by Proofpoint, noting a shift in the methods used by cybercriminals. According to Covich,
"At Proofpoint, we see firsthand that the vast majority of successful cyberattacks rely on human interaction. Our recent Human Factor report found that malicious URLs are now used four times more often than attachments in email threats, reinforcing that attackers are targeting people, not just systems, across email, SMS, and collaboration platforms."
The commentary underscored that scams go beyond technical vulnerabilities, with human behaviour consistently exploited by attackers. Covich explained,
"Scams aren't just a technical problem and they're a people problem. Proofpoint advocates for a human-centric approach to online safety. By combining user education with behaviour-driven controls and threat intelligence, organisations can significantly reduce their risk of falling victim to scams."
Changing tactics
The report from Proofpoint indicates that malicious URLs are now a primary tool for threat actors. Instead of relying on suspicious attachments, attackers increasingly use links embedded within emails, SMS messages, and collaboration tools. These links are designed to trick users into revealing sensitive information or enabling unauthorised access to systems.
This tactic capitalises on trust between parties and routine digital communication, making it easier for scammers to convince individuals to click harmful links or provide confidential data. The use of AI in scams enables the creation of highly realistic messages, further increasing the likelihood of success for cybercriminal activity.
People at risk
The focus on targeting individuals instead of systems was emphasised by Proofpoint's findings. Successful attacks depend on human action - clicking a link, reusing passwords, or failing to verify the source of a message. The company reported that these behaviours make users a prime entry point for cybercriminals, rather than weaknesses in network infrastructure or software.
Scam prevention tips
In addition to the commentary, Proofpoint provided practical advice for avoiding scams during Scams Awareness Week. The advice includes vigilance against domain impersonation. Employees should be trained to spot emails from lookalike domains or messages containing false website links. Such scams are a frequent method for attackers attempting to gather credentials or distribute malware.
Proofpoint also advises verifying the source of any unexpected communication, especially where payment or personal information is requested. The recommendation is to reconfirm details through a trusted secondary method, such as a phone call to the genuine contact.
The company stresses the need to recognise social-engineering tactics. Attackers often create a sense of urgency or distress to convince employees or individuals to act against their better judgement. Being prepared and knowing these warning signs can help to mitigate such threats.
Another key point is to prevent impersonation of the organisation's own domain, as scammers can impersonate a business's domain to deceive customers and third parties. Implementing DMARC (Domain-based Message Authentication, Reporting and Conformance) is highlighted as an effective technical measure that helps ensure only legitimate email is sent from company domains and prevents impersonation emails from reaching users.
Proofpoint concludes its guidance by stating that employee training on scam recognition and security practices should be ongoing, not limited to a one-off exercise during awareness weeks. Reinforcing key concepts and best practices through continuous education is recommended as an effective way to reduce risk.