AI-powered phishing in 2026: a defender's guide
Phishing emails used to be obvious. Now LLMs write them in your boss's voice, reference last week's meeting, and arrive in batches of millions. Here's what changed and how to defend.
AI-powered phishing emails achieve click-through rates more than four times higher than human-written ones. The defensive playbook hasn't changed in principle — verify out-of-band, never act on urgency alone, treat unexpected links and attachments as untrusted — but it has to be applied much more rigorously because the surface signals (typos, awkward grammar, generic greetings) are gone. Use a password manager so phishing pages can't get your credentials, enable phishing-resistant 2FA (passkeys or hardware keys), and treat every urgent email demanding action as a potential AI-generated lure.
Key takeaways
- AI-generated phishing emails outperform human-written ones by 4x in click-through rate (multiple 2025–2026 industry reports).
- 73% of organizations were directly affected by cyber-enabled fraud in 2025, per the World Economic Forum's Global Cybersecurity Outlook 2026.
- Old phishing tells (typos, broken English, vague greetings) are gone — modern lures are clean, personalized, and reference real context.
- Passkeys and hardware security keys defeat credential-phishing entirely because they don't transmit a reusable secret.
- Password managers protect you because they refuse to autofill credentials on a domain that doesn't match the legitimate site.
What changed since 2023
Phishing in 2023 was a numbers game with bad spelling. Phishing in 2026 is a numbers game with native fluency.
Large language models give attackers four capabilities that didn't scale before: native-speaker quality in any language; personalization at volume (referencing your real job title, company, recent project); rapid A/B testing of subject lines and call-to-action wording; and the ability to mimic a specific person's writing style from a small sample of public emails or social-media posts.
Industry reporting from late 2025 onwards is consistent: AI-generated phishing emails reach click-through rates of 8–20%, compared to 1–3% for traditional phishing campaigns. The economics of the attack are now extremely favourable to attackers.
The new attack patterns to watch for
The 'CEO is on a flight, urgent wire transfer' attack now arrives in your CEO's actual writing style, with references to a deal you're actually working on, sent at a time the CEO is plausibly unreachable.
The 'IT support, please reset your password' attack now arrives from an IT person's name you actually recognize, with a screenshot that matches your company's actual login page, and a link to a domain that's a single character off from your real one.
The 'invoice attached' attack now references a vendor your accounts payable team actually uses, with a PDF that opens normally and only triggers the attack on a second click.
Multi-channel attacks combine an email, a follow-up SMS and a fake phone call. Each channel reinforces the others, which makes the lure feel verified.
Account takeover is now part of the workflow. Attackers compromise one mailbox, then send phishing emails from it to internal contacts. The 'from' address is genuinely trustworthy, and the writing style matches because the model trained on the real owner's sent folder.
What still works as a defense
Phishing-resistant authentication. Passkeys (FIDO2) and hardware security keys (YubiKey, Google Titan) cannot be phished. Even if you click the link and 'log in,' the authenticator refuses to release a credential to the wrong domain, because the credential is bound to the site's origin when it is created. Make this your default for any account that supports it — Google, Apple, Microsoft, GitHub, and most banks now do.
Password managers. A password manager refuses to autofill a saved password on a domain it doesn't recognize. If you arrive at 'g00gle.com' (zeros for o's) and your manager declines to fill — that's the warning. Pay attention.
Out-of-band verification. For any email asking you to act urgently — wire money, change a payment destination, share credentials — call the sender on a number you have, in a separate channel. Yes, even if the email is from your boss.
Slow down on urgency. Almost every successful phishing campaign exploits a sense of urgency. Real, legitimate processes have time for verification. If the email insists otherwise, treat that insistence as a red flag.
Domain hygiene. Hover over links before clicking. The displayed text and the actual URL often differ. On mobile, long-press to preview the full URL.
What stops working
'Look for typos and bad grammar' — gone. Modern lures are flawless.
'Generic greetings indicate phishing' — gone. The email will use your name, your company, your role.
'It's from someone I know, so it's safe' — increasingly false. Account takeover means the from-address is real.
'I'll just hover and check the link' — still useful, but attackers now register lookalike domains: legitimate-looking subdomains of a domain they control, or internationalized domain names whose Unicode characters resemble ASCII letters (displayed as Punycode 'xn--' labels by some clients). The lock icon means the connection is encrypted, not that the site is who it claims to be.
'I'll know when something feels off' — works less reliably now. The whole point of AI personalization is to make the lure feel right.
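The password-manager behaviour described under "What still works" and the lookalike-domain problem in the hover point above come down to one decision: is the page I am on the site the credential was saved for? The following is an added example, not code from the article or from any password manager, modelling that decision. The saved site and sample pages are constructed; the eTLD+1 rule is a simplification (real managers use the Public Suffix List).

```javascript
// Added example, not code from the article or from any password manager:
// a minimal model of the autofill decision. A credential is bound to the
// registrable domain of the site it was saved for, and the manager refuses
// to fill anywhere else, including lookalike and Punycode hostnames.

// Simplified registrable-domain (eTLD+1) rule: the last two labels. Real
// managers consult the Public Suffix List so that hosts under e.g. "co.uk" work.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

function hasPunycodeLabel(hostname) {
  return hostname.split(".").some((label) => label.startsWith("xn--"));
}

// Returns { fill: boolean, reasons: string[] } for a saved site and the page
// the user is currently on. Both URLs go through the WHATWG URL parser, which
// normalises Unicode hostnames to their Punycode (xn--) form.
function autofillDecision(savedSiteUrl, currentPageUrl) {
  const saved = new URL(savedSiteUrl);
  const current = new URL(currentPageUrl);
  const reasons = [];

  if (current.protocol !== "https:") {
    reasons.push("page is not served over HTTPS");
  }
  const savedDomain = registrableDomain(saved.hostname);
  const currentDomain = registrableDomain(current.hostname);
  if (savedDomain !== currentDomain) {
    reasons.push(`registrable domain is ${currentDomain}, credential is for ${savedDomain}`);
  }
  // A Unicode lookalike such as Cyrillic "o" in place of Latin "o" becomes an
  // xn-- label after parsing; a site saved under an ASCII name never matches it.
  if (hasPunycodeLabel(current.hostname) && !hasPunycodeLabel(saved.hostname)) {
    reasons.push(`hostname ${current.hostname} contains Punycode labels the saved site lacks`);
  }
  return { fill: reasons.length === 0, reasons };
}

// Constructed sample pages covering the cases the article describes.
const SAVED = "https://accounts.google.com/";
const SAMPLE_PAGES = [
  "https://mail.google.com/mail/u/0/",         // same registrable domain: fill
  "https://g00gle.com/signin",                 // zeros for o's: refuse
  "https://google.com.login-verify.example/",  // real name as a subdomain of another domain: refuse
  "https://g\u043E\u043Egle.com/signin",       // Cyrillic lookalike letters: refuse
  "http://accounts.google.com/",               // right domain, no TLS: refuse
];

function describeAll() {
  return SAMPLE_PAGES.map((page) => {
    const d = autofillDecision(SAVED, page);
    return `${d.fill ? "FILL  " : "REFUSE"} ${page} ${d.reasons.join("; ")}`;
  });
}

console.log(describeAll().join("\n"));
```

The practical lesson for a user is the one the article gives: when the manager declines to fill on a page that looks right, the page is the thing to doubt, not the manager.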
A practical defense routine
- Enable passkeys on your most-used accounts (Google, Apple, Microsoft, GitHub, your bank, your password manager). One weekend's work; eliminates most credential-theft risk.
- Use a password manager. Bitwarden, 1Password, Proton Pass — any reputable manager. The autofill behaviour is your phishing defense.
- Set a personal rule: any email demanding action involving money or credentials gets verified out-of-band before action. No exceptions.
- When forwarding suspicious emails to IT, use 'forward as attachment' so the headers are preserved.
- Report suspected phishing, even after the fact — your IT team's filters improve from each report.
For organizations: what to do
- Roll out passkey enrollment. Microsoft, Google, and most major IdPs support passkey-first authentication.
- Mandate DMARC enforcement on all owned domains. This stops attackers from sending mail that appears to come from you.
- Train continuously, not annually. AI lures evolve faster than annual security training cycles.
- Run phishing simulations using AI-generated lures (multiple vendors offer these now). Old simulation libraries are too easy.
- Set policies for high-risk actions (wire transfers, payment-detail changes, credential resets) that require out-of-band verification — and make those policies easier to follow than to bypass.
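"DMARC enforcement" is a specific record setting, and a domain with a DMARC record published is not necessarily enforcing anything. The following is an added example, not code from the article: it parses a DMARC TXT record and reports whether it actually rejects spoofed mail. The records are constructed samples; a live check would fetch the record with dns.promises.resolveTxt("_dmarc." + domain) and join its string chunks before evaluating.

```javascript
// Added example, not code from the article: evaluate a DMARC TXT record and
// report whether it enforces. The records below are constructed samples.

const POLICY_RANK = { none: 0, quarantine: 1, reject: 2 };

// Parse "v=DMARC1; p=reject; rua=mailto:..." into a tag map.
function parseDmarc(record) {
  const tags = {};
  for (const part of record.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    const key = part.slice(0, eq).trim().toLowerCase();
    if (key) tags[key] = part.slice(eq + 1).trim();
  }
  return tags;
}

function evaluateDmarc(record) {
  const t = parseDmarc(record);
  const findings = [];
  if (t.v !== "DMARC1") {
    return { enforcing: false, policy: null, pct: null, findings: ["not a DMARC1 record"] };
  }
  // p= is mandatory; receivers ignore a record without a valid one.
  const policy = POLICY_RANK[t.p] === undefined ? "none" : t.p;
  if (POLICY_RANK[t.p] === undefined) findings.push("p= tag missing or invalid; receivers will not apply this record");
  if (policy === "none") findings.push("p=none only monitors: spoofed mail is still delivered");
  else if (policy === "quarantine") findings.push("p=quarantine sends spoofed mail to spam instead of rejecting it");

  // pct= defaults to 100; anything less leaves a share of spoofed mail unhandled.
  const pct = t.pct === undefined ? 100 : Number.parseInt(t.pct, 10);
  if (pct !== 100) findings.push(`pct=${t.pct} applies the policy to only part of the failing mail`);

  // sp= covers subdomains; it defaults to p= and must not be weaker.
  const sub = t.sp === undefined ? policy : t.sp;
  if (POLICY_RANK[sub] === undefined || POLICY_RANK[sub] < POLICY_RANK[policy]) {
    findings.push(`subdomain policy sp=${t.sp} is weaker than p=${policy}`);
  }
  if (!t.rua) findings.push("no rua= address: you receive no aggregate reports showing who is spoofing you");

  const enforcing = policy === "reject" && pct === 100 && sub === "reject";
  return { enforcing, policy, pct, findings };
}

// Constructed records, from monitor-only to fully enforcing.
const SAMPLE_RECORDS = {
  "monitor-only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
  "partial": "v=DMARC1; p=reject; pct=25; rua=mailto:dmarc@example.com",
  "weak-subdomains": "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@example.com",
  "enforcing": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com; ruf=mailto:forensic@example.com",
};

for (const [name, record] of Object.entries(SAMPLE_RECORDS)) {
  const r = evaluateDmarc(record);
  console.log(`${name}: enforcing=${r.enforcing}`, r.findings);
}
```

Move to p=reject only after SPF and DKIM are aligned for every legitimate sender (marketing platforms, ticketing systems, printers), which is what the aggregate reports from rua= are for; otherwise the record rejects your own mail along with the spoofed mail.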
Frequently asked questions
How can I tell if an email was AI-generated?
Reliably, you can't. The whole point of modern AI phishing is that the surface signals are gone. Defend with phishing-resistant authentication and out-of-band verification, not by trying to spot the lure.
Is my company's email filter useless now?
Not useless, but degraded. Filters trained on old phishing patterns miss AI-generated content more often. Most major email providers (Microsoft, Google) have updated their filters with AI-detection capabilities, but the arms race continues.
What's the single most effective defense I can deploy this week?
Enable passkeys or hardware-key 2FA on your email account. Email is the recovery channel for everything else; protecting it cuts off most attack paths.
Does multi-factor authentication still work?
MFA based on SMS or one-time codes still helps but can be phished — the user is tricked into typing the code into a fake site. Passkeys and hardware keys are 'phishing-resistant' MFA — they can't be relayed by a fake site.
Should I be more suspicious of internal emails now?
Yes. Account takeover means an internal email may genuinely be from a colleague's account but composed by an attacker who has access. For sensitive actions, verify out-of-band.