The challenge though is we have seen AI's introduction in marketing and customer service. Machine written communications aren't a tip-off of phishing any more than spelling errors, I'm afraid.

I like how the article led with a recommendation of "when in doubt, call the sender." I refer to this as "ALWAYS initiate the transaction." Never respond in-band to the email, text, etc. Use the 1-800 number, official site, etc. A lot of times, that means picking up the phone, something younger employees aren't as adept at as their predecessors.

I suspect I will die on this hill, but if you really want to stop email borne attacks, stop reading email in HTML, I'll moderate my position to stand on only external email. But as we continue to fret over how technology can fool us, doesn't it make sense to diminish the distracting bells and whistles it can provide?

I think the article also did a good job referring information gathering (i.e., open source intel). Before we start getting into the trees and leaves of defeating online scams, let's look at the forest. What are we putting out to the world about our companies, employees, and ourselves? This is where security needs to do a better job communicating and understanding business drivers. Often on the marketing side of the house you see a lot of attempts to run before they can walk with technology. But in fairness, some of that comes from security/IT scolding "no running!"