Workplace phishing is getting harder to detect as AI improves the tone, grammar and realism of fraudulent messages. New research from Sagiss, a provider of IT and managed security services, finds that many workers are still clicking links, replying to messages or verifying requests only after taking action. The results show phishing risk is being shaped by both message quality and the pace of modern work.
Sagiss partnered with third-party survey platform Pollfish to survey 500 desk-based workers who use email or chat as part of their jobs on Feb. 23, 2026. The report examines how employees are responding to suspicious messages as AI makes phishing attempts more convincing and harder to spot in everyday workplace communication.
Sagiss’ findings suggest phishing risk is about more than awareness alone. Even when employees know they should slow down and verify unusual requests, many are operating in environments defined by urgency, multitasking and after-hours responsiveness. As suspicious messages become more polished and harder to distinguish from routine work communication, employers may need to complement training with changes that reduce rushed decision-making in daily workflows.
Key findings include:
- 72% say phishing attempts are more convincing than a year ago because of AI-written language.
- 64% say an AI-generated message could likely impersonate someone they work with, and 57% say AI makes phishing harder to spot because it feels more professional.
- 63% clicked a work-related link in the past year and later felt they should have double-checked it first.
- 57% have verified a message’s request only after taking action first.
- 45% have replied to a work message and later questioned whether it was legitimate.
- 68% check work email or chat outside normal business hours at least sometimes, and 56% feel pressure to respond after hours at least sometimes.
“AI is changing the way phishing looks and feels, but the deeper issue is that employees are making decisions under constant pressure,” said Travis Springer, President at Sagiss. “Cybersecurity leaders need to account for the reality of modern work, where people are moving quickly, responding across channels, and often making judgment calls before they have fully verified what is in front of them.”
Leave a comment