Dear Members and Friends of the IMI Community,
It has come to our attention that phishing emails – sometimes followed by WhatsApp messages – are currently circulating and purport to be from Tat Lim, Chair of IMI’s Board of Directors, requesting monetary assistance. These communications did not originate from him, and the email address used is not his.
If you receive any such email or message, please disregard it and do not respond.
If you are ever in doubt about a communication claiming to originate from IMI or any of its representatives, please contact imisupport@imimediation.org or a trusted member of the IMI team for clarification.
We apologise for the inconvenience caused and encourage all members of the community to remain vigilant against similar incidents.
The Evolving Nature of Phishing
This incident reflects a broader shift in the phishing landscape. The use of artificial intelligence has significantly increased the sophistication of such attacks, moving from easily identifiable mass emails to highly personalised, multi-channel schemes.
As of April 2026, researchers report a 1,265% surge in phishing attacks linked to generative AI since 2023 (Seraphic Security, December 2025).
How AI Enhances Phishing
- More convincing language: AI-generated messages now eliminate typical red flags like spelling mistakes and awkward phrasing.
- Higher success rates: Personalised phishing campaigns have increased click-through rates to 54%, compared to 12%for traditional phishing.
- Greater scale and variation: AI can generate thousands of tailored message variations, making detection more difficult.
- Lower cost for attackers: The cost of sophisticated spear-phishing has reportedly dropped by up to 95%, lowering the barrier to entry.
Emerging AI-Driven Phishing Methods
- Deepfake video calls: Real-time AI tools can be used to impersonate trusted individuals in video communications.
- Voice cloning (vishing): Short audio samples can be used to replicate a person’s voice, tone, and speech patterns in fraudulent calls.
- AI-generated phishing websites: Fake login pages can now closely replicate legitimate platforms and adapt dynamically to the user.
- QR phishing (“quishing”): QR codes embedded in messages can redirect users to malicious sites while bypassing traditional email security filters.
Key Warning Signs
As grammar and spelling are no longer reliable indicators of phishing, it is important to focus on behavioural red flags:
- Unexpected urgency: High-pressure requests involving money, sensitive information, or credentials—particularly when framed as requiring immediate action, even if they appear to come from a trusted source.
- Unusual requests: A trusted individual or senior figure asking for wire transfers, confidential handling, or action through non-standard or unfamiliar communication channels.
- Communication anomalies: Messages sent at unusual times or written in a tone that feels inconsistent with prior interactions (e.g. overly formal or unusually informal).
- Multi-channel pressure: An initial email followed by a text message or phone call intended to reinforce the urgency or legitimacy of the request.
How to Protect Yourself
- Verify independently: Always confirm urgent or unusual requests through a separate, trusted channel (e.g. a known phone number or verified contact).
- Adopt a “zero trust” mindset: Treat unexpected requests with caution, regardless of who they appear to come from, until verified.
