Impact of AI Personalization on Email Clicks and Conversions: Insights from a Real-World AI-Personalized Phishing Simulation
Summary
Large Language Models (LLMs) enable near-instantaneous, high-quality text generation and are rapidly transforming a wide range of industries. A promising use case is AI email personalization, which applies to legitimate applications such as marketing as well as illegitimate ones such as phishing. Despite the enthusiasm and the proliferation of AI tools that promise significant efficiency and ROI gains, empirical evidence of their real-world effectiveness remains limited. This study addresses that gap through a large-scale empirical experiment in a professional services organization, using a simulated phishing campaign as a controlled environment to test AI personalization based on demographic and occupational data.
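To make the setup concrete, the sketch below shows one way demographic and occupational fields could be assembled into an LLM prompt at two personalization levels. This is an illustration only, not the study's actual pipeline: the field names, template wording, and `build_prompt` function are all assumptions.

```python
# Illustrative sketch (not the study's actual pipeline): composing an LLM
# prompt from hypothetical demographic/occupational fields. All field names
# and the template text are assumptions for illustration.

def build_prompt(recipient: dict, level: str) -> str:
    """Compose a prompt for a simulated-phishing email.

    level: "org" uses only organization-wide facts;
           "individual" adds person-specific attributes.
    """
    base = (
        f"Write a short, professional email inviting an employee of "
        f"{recipient['organization']} to review a new internal policy."
    )
    if level == "individual":
        base += (
            f" Address the recipient by name ({recipient['name']}), and "
            f"reference their department ({recipient['department']}) and "
            f"role ({recipient['job_title']})."
        )
    return base

# Hypothetical recipient record.
prompt = build_prompt(
    {"organization": "Acme Consulting", "name": "Dana",
     "department": "Finance", "job_title": "Senior Analyst"},
    level="individual",
)
```

The resulting prompt would then be sent to the chosen model (e.g., GPT-4o or GPT-4o-mini) at the assigned temperature setting.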
The experiment compared AI-personalized emails against a historical benchmark of generic emails across personalization levels (organizational versus individual), LLMs (GPT-4o and GPT-4o-mini), temperature settings, and subgroups (departments, job seniority). The results show that AI-personalized emails significantly improve click-through rates (CTR) and conversion rates (CVR, i.e., completed actions) compared with generic, non-personalized emails. Unexpectedly, organizational-level personalization outperformed individual-level personalization in conversion rates, suggesting that hyper-personalization may raise suspicion or mistrust in some cases. Furthermore, no significant differences were found between LLMs or across temperature settings, indicating that even “less advanced” AI models can be highly effective for content personalization.
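A standard way to test whether a CTR difference between two arms is significant is a two-proportion z-test. The sketch below is a minimal stdlib implementation; the click and sample counts in the usage line are hypothetical, not the study's data.

```python
import math

def two_proportion_z(clicks_a: int, n_a: int, clicks_b: int, n_b: int):
    """Two-proportion z-test for a difference in click-through rates.

    Returns the z statistic and the two-sided p-value under the
    pooled-proportion null hypothesis.
    """
    p_a, p_b = clicks_a / n_a, clicks_b / n_b
    p_pool = (clicks_a + clicks_b) / (n_a + n_b)
    se = math.sqrt(p_pool * (1 - p_pool) * (1 / n_a + 1 / n_b))
    z = (p_a - p_b) / se
    p_value = math.erfc(abs(z) / math.sqrt(2))  # two-sided tail probability
    return z, p_value

# Hypothetical counts (NOT the study's data): personalized vs. generic arm.
z, p = two_proportion_z(120, 1000, 80, 1000)
```

With these made-up counts (12% vs. 8% CTR on 1,000 recipients per arm), the difference is significant at conventional thresholds; the study's own comparisons would plug in the observed counts per condition.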
These results offer useful insights for marketers seeking to increase user engagement through AI personalization, researchers studying its real-world impact, and organizations assessing the risks of AI-driven phishing. By measuring AI’s effect on email communication, this study highlights the importance of preparing for such cybersecurity attacks, identifies best practices for AI personalization, and contributes empirical data to inform policy and discussion. Future studies should examine how sender identity, different communication channels, and additional data sources can improve AI personalization methods.