More than 80% of email scams now use AI, Catalonia's cybersecurity agency warns

More than 80% of email scams containing malicious links now use generative artificial intelligence, making fraud increasingly difficult to detect, according to the Catalan Cybersecurity Agency.

The finding appears in the agency's Cybersecurity Outlook Report for 2026, which warns that scams are becoming "much more sophisticated" as criminals deploy AI to generate text, video and voice.

According to the report, 82.6% of emails containing malicious links now involve AI-generated content.

Laura Caballero, director of the agency, warned that, as a result, cyber fraud is becoming far harder for users to spot. "What AI generates is almost perfect," she said.

Caballero said companies and online platforms are already reinforcing their systems with AI tools to detect fraud, and advocated for "technology to fight technology," alongside greater public awareness.

She recommends measures such as enabling two-factor authentication, using strong passwords and deploying tools to identify fraudulent messages, emails or calls.

The Catalan Cybersecurity Agency, which protects the IT systems of the government and related bodies, handled 3,372 cyber incidents in 2024, up 26% from 2023, according to its latest activity report.

Most incidents were minor and related to credential leaks or unauthorised access to email accounts, with the university sector the most affected.

Data for 2025 will be released in the coming months.

€18.6 million investement

In June, the Catalan government launched a new cybersecurity strategy with a planned investment of €18.6 million to protect hospitals, health centers and local administrations.

Scam calls

To protect yourself from scam calls, you can sign up for the Robinson List, a free advertising opt-out service promoted by the Spanish government.