ADVERTISEMENT

Cybercrooks are now creating live, personalized phishing pages in real time

At first glance, it’s a normal and harmless webpage, but it’s able to transform into a phishing site after a user has already loaded it. In a matter of a few seconds, AI carefully crafts a landing page specifically for the victim, thus turning it into an online crime scene.

phishing site

Image by Cybernews.

Izabelė Pukėnaitė
Izabelė Pukėnaitė Daily editor
Jan 23, 2026 Updated: 26 January 2026 3 min read
Key takeaways:
china-phishing
Image by Getty Images/MirageC.
  • It looks very convincing because it will be based on data the browser stores, such as the user’s language, location, or device type.
  • Have a somewhat “reusable” malicious link, because every victim will see a version that’s crafted especially for them.
a table the show the wrokflow of a site turning malicious.
Workflow of the PoC. The first two steps are initial preparation, and the third is an example of generating malicious content to be rendered in the browser. Image by Unit 42.
ADVERTISEMENT

Researchers recreated this scam themselves and found a catch

AI propmts that tell to code a phishing malicious code, letters in black on white page, red arrows
Example of prompt engineering to bypass LLM guardrails and generate JavaScript code for phishing content. Image by Unit 42.

How to avoid this type of attack?

Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

ADVERTISEMENT