CASE FILE // PC-2026-04
Status: Open


Filing 06.00.00Field 27 APR 2026Classification PublicStatus Open

AI-Powered Phishing

The 2026 story is not that phishing exists; it is that the marginal cost of producing a convincing phishing email has collapsed. In controlled testing, AI-automated spear-phishing now matches human experts at a 54% click-through rate, against 12% for an arbitrary-phishing control (Harvard, Heiding et al. 2024). The defensive baseline has to move with it.

Exhibit A

The AI phishing baseline

ESCALATING

82.6%
Detected phishing emails using AI (Sep 2024-Feb 2025)
[KnowBe4 2025]
+53.5%
Year-on-year growth in AI phishing share
[KnowBe4 2025]
54%
Click rate on AI-automated spear-phish (= human experts)
[Harvard / Heiding 2024]
12%
Click rate on arbitrary-phishing control group
[Harvard / Heiding 2024]
+1,633%
Deepfake vishing, Q1 2025 vs Q4 2024
[Keepnet 2025]
$200M+
Deepfake fraud receipts, Q1 2025
[Industry aggregate]
$40B
Projected deepfake-enabled scam losses by 2027
[Deloitte forecast]
60s
Audio to clone a voice for real-time fraud
[Security-vendor estimates]
AI-01

AI-generated email phishing


GenAI removes the legacy detection tells. No spelling errors. Native fluency in any target language. Personalisation at bulk-volume cost. Signature-based gateways underperform; AI-augmented email defence (ICES) layered on top is now the standard.

Representative pretext

Sender: bookkeeping@vendor-domain.io. Subject: Updated Q2 invoice schedule. Body: tonally indistinguishable from the legitimate vendor's correspondence cadence.

AI-02

Deepfake voice cloning (vishing)

DEEPFAKE

60 seconds of source audio (a podcast appearance, an earnings call) clones a CEO voice convincingly enough to authorise a wire-transfer over the phone. The 2024 Arup case study (HK$200M loss) is the canonical example.

Representative pretext

Live call from CFO's number, voice synthesised in real-time, instructing finance to release a payment to a new vendor account ahead of a fictitious M&A close.

AI-03

AI-driven OSINT spear-phish


Crawler agents harvest LinkedIn, conference talks, and public commits. LLM personalises pretext at industrial scale. The same content team that previously produced ten convincing spears per day now produces 10,000.

Representative pretext

Email referencing the target's recent talk at re:Invent and a follow-up question about a specific architecture diagram.

AI-04

Multi-channel coordinated AI attacks


Email + SMS + voice in one pretext sequence. The email primes, the SMS validates, the voice closes. Each channel uses synthetic content. Out-of-band confirmation is the only reliable defensive layer.

Representative pretext

Email from "CFO" lining up an urgent wire. Confirming SMS "on it now, Bob said you'd call". Voice-cloned call closes the approval.

Exhibit C

What works against AI phishing

DEFENCE

  1. Phishing-resistant MFA (FIDO2 / passkeys). Removes the value of even a perfect phishing email if it harvests a password.
  2. Out-of-band verification for any wire, payment-method change, or credential reset. The synthetic call cannot survive a callback to a known number.
  3. AI-augmented email defence (ICES). Catches what signature-based gateways miss against polished generative content.
  4. Updated training that includes AI-generated lure samples. Older training sets are insufficient.
  5. Helpdesk identity-verification scripts, mandatory. The 2023 vishing wave runs through helpdesks.
  6. Tabletop exercises against deepfake voice scenarios. Treat them as the 2026 baseline, not an exotic edge case.

[CISA AI guidance, NIST AI RMF, Microsoft Digital Defence Report 2025]

Updated 2026-04-27