Phishing is no longer a game of poorly worded emails from a “Nigerian prince.” In 2025, threat actors are weaponising large language models (LLMs) and generative AI to craft hyper-personalised, grammatically flawless spear-phishing campaigns that target Indian enterprises with surgical precision. The old advice of “just look for spelling mistakes” is dangerously outdated.
At PJ Networks, our 24/7 SOC analysts have seen a marked rise in AI-assisted phishing attempts targeting mid-sized and large Indian organisations — from manufacturing conglomerates in Gujarat to IT/ITeS firms in Bengaluru and BFSI institutions in Mumbai. This post breaks down how these attacks work, what makes them so effective, and the layered defences every Indian enterprise should have in place right now.
Traditional phishing relied on volume: send ten million emails, hope two percent click. AI-powered phishing inverts that model. Attackers now use LLMs to:
The result: click-through rates on AI-crafted spear-phish can be three to five times higher than commodity phishing, according to multiple threat intelligence reports published in late 2024. For Indian enterprises, which often operate with lean IT security teams, this is a critical escalation.
Several factors make Indian businesses a preferred target for AI-powered phishing campaigns:
India’s digital economy is accelerating — UPI transactions, cloud-first ERP deployments, remote-work proliferation — but many organisations have scaled technology faster than they have scaled security awareness and controls. Attackers know this and exploit the gap.
India is one of the world’s largest markets for B2B wire transfers, trade finance, and supply-chain payments. A single successful Business Email Compromise (BEC) attack facilitated by AI-written phishing can yield lakhs or crores in fraudulent transfers. The ROI for attackers is compelling.
With the Digital Personal Data Protection (DPDP) Act and CERT-In’s 6-hour mandatory breach reporting now in force, threat actors are impersonating regulators, auditors, and compliance consultants. Fake “CERT-In Compliance Audit” emails are a growing lure vector observed in 2025.
Many Indian enterprises work with a wide ecosystem of vendors, contractors, and channel partners — some with weaker security postures. Attackers compromise a smaller vendor’s email, then send AI-crafted phishing from that legitimate domain to the enterprise. Email authentication alone (SPF/DKIM/DMARC) will not catch this.
Consider this attack chain, a hypothetical composite modelled on activity observed in the Indian manufacturing sector:
The entire chain — from reconnaissance to financial fraud — can execute within 72 hours. Without real-time email threat detection, 24/7 SOC monitoring, and ZTNA micro-segmentation, the window to detect and contain the attack is extremely narrow.
Legacy email gateways scan for known malicious signatures. That is insufficient against AI-crafted phish: each message is freshly generated for its target, so there is no prior sample for a signature to match. Deploy an advanced email security solution such as Fortinet’s FortiMail, which combines:
Block lookalike domains and newly registered domains at the DNS layer. Many AI-powered phishing campaigns rely on domains registered within 48 hours of the attack — DNS reputation filters catch these before a user can click. Know the limit of this control, though: it does nothing against mail sent from a compromised vendor mailbox on an established, correctly authenticated domain (the supply-chain scenario above), which is why it is one layer among several rather than a substitute for the rest.
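DNS reputation feeds handle the "registered yesterday" case; the lookalike case is something you can also check yourself against your own brand domains. The script below is an added example (not PJ Networks' or Fortinet's code) of that triage: it decodes punycode so IDN homographs become visible, collapses common confusables ("rn" for "m", "1" for "l", Cyrillic "а" for Latin "a"), and then compares the brand label by edit distance and substring. The protected domains, the candidate sender domains, the homoglyph table and the distance threshold are all constructed assumptions for illustration.

```python
"""Triage inbound sender domains for lookalikes of your own brand domains.

Added example (not PJ Networks' or Fortinet's code). Protected domains,
candidate sender domains, the homoglyph table and the distance threshold
are constructed assumptions for illustration.
"""
import unicodedata

# Cyrillic letters most often swapped for Latin ones in IDN homograph attacks.
HOMOGLYPHS = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}
# ASCII confusables seen in typosquats: 'rn' reads as 'm', '1' as 'l', ...
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("7", "t")]
# Small stand-in for the Public Suffix List: suffixes made of two labels.
TWO_LABEL_SUFFIXES = {"co.in", "net.in", "org.in", "ac.in", "gov.in", "co.uk"}


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so homoglyphs become visible."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:          # already Unicode, or not valid IDNA
        return domain


def normalise(domain: str) -> str:
    """Canonical ASCII form in which lookalikes collapse onto the brand."""
    d = to_unicode(domain.strip().rstrip(".")).lower()
    d = "".join(HOMOGLYPHS.get(ch, ch) for ch in d)
    d = unicodedata.normalize("NFKD", d)
    d = "".join(ch for ch in d if ord(ch) < 128)   # strip accents and unmapped non-ASCII
    for bad, good in CONFUSABLES:
        d = d.replace(bad, good)
    return d


def split_domain(domain: str):
    """Return (brand label, public suffix), e.g. ('acme', 'co.in')."""
    parts = domain.split(".")
    if len(parts) < 2:
        return parts[0], ""
    if len(parts) >= 3 and ".".join(parts[-2:]) in TWO_LABEL_SUFFIXES:
        return parts[-3], ".".join(parts[-2:])
    return parts[-2], parts[-1]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, protected):
    """Return ('legitimate' | 'lookalike' | 'clean', reason)."""
    cand_norm = normalise(candidate)
    raw = candidate.strip().rstrip(".").lower()
    for prot in protected:      # exact matches first, so a second brand domain is never a 'lookalike'
        if raw == prot.lower() and cand_norm == normalise(prot):
            return "legitimate", f"exact match for {prot}"
    c_label, c_suffix = split_domain(cand_norm)
    for prot in protected:
        p_label, _ = split_domain(normalise(prot))
        if c_label == p_label:
            return "lookalike", f"{prot}: same brand label after homoglyph normalisation, under .{c_suffix}"
        if len(p_label) >= 6 and levenshtein(c_label, p_label) <= 1:
            return "lookalike", f"{prot}: one edit away from the brand label"
        if len(p_label) >= 6 and p_label in c_label:
            return "lookalike", f"{prot}: brand label embedded in '{c_label}'"
    return "clean", ""


def triage(candidates, protected):
    """Map each candidate sender domain to its verdict."""
    return {c: classify(c, protected)[0] for c in candidates}


PROTECTED = ["examplemfg.in", "examplemfg.co.in"]        # constructed brand domains
CYRILLIC_A = "ex\u0430mplemfg.in"                         # Cyrillic 'а' in place of Latin 'a'
CANDIDATES = [                                            # constructed sender domains
    "examplemfg.in", "ExampleMFG.co.in", "exarnplemfg.in", "examp1emfg.in",
    "exampIemfg.in", "examplemfg.co", "examplemfg-payments.com",
    CYRILLIC_A.encode("idna").decode("ascii"), "examplemf.in", "unrelatedvendor.com",
]

if __name__ == "__main__":
    for dom, verdict in triage(CANDIDATES, PROTECTED).items():
        print(f"{verdict:10} {dom}  {classify(dom, PROTECTED)[1]}")
```

Run it against the sender domains seen in your mail logs over a week and the output is a starting block list for the DNS filter. The edit-distance rule is deliberately only applied to brand labels of six characters or more; for short labels one edit matches far too many honest domains, so tune the threshold per brand rather than globally.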
Assume that credentials will be compromised. ZTNA means that even with valid credentials, an attacker cannot freely move laterally. Every access request — even from inside the perimeter — is validated against user identity, device health, and contextual signals before access is granted. Fortinet’s ZTNA solution, integrated with FortiGate NGFW, delivers this without requiring a full network redesign.
Enforce multi-factor authentication on all privileged accounts, VPN, and cloud console access without exception. AI-generated phishing increasingly targets the authentication stage; MFA raises the cost of exploitation significantly. Hardware tokens (FIDO2) are preferred for high-value accounts over SMS OTP: a FIDO2 credential is bound to the genuine site’s origin, so a proxy phishing page cannot replay it, whereas an SMS code can be relayed in real time by the same proxy and the phone number itself is exposed to SIM-swap attacks, a known threat vector in India.
Retrain your workforce. Awareness programmes built around “look for spelling mistakes” are obsolete. Updated training must:
A phishing email that bypasses technical controls can still be caught post-click — if someone is watching. A 24/7 Security Operations Centre with SIEM/SOAR integration monitors for post-exploitation indicators: anomalous login times, unusual data access, lateral movement, and privilege escalation. For most Indian enterprises, building this capability in-house is cost-prohibitive; a Managed SOC (MSSP) delivers enterprise-grade monitoring at a predictable monthly cost.
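The post-exploitation indicators listed above are concrete enough to encode. The following is an added example (not PJ Networks' SOC tooling, and not any SIEM's native rule language) of four such detections run over authentication logs: a successful login outside business hours in IST, a login from a country not in the user's baseline, two countries within two hours (impossible travel), and a success that follows a burst of failures (the credential being tested after harvest). The JSON log lines, the user baselines, the field names and every threshold are constructed assumptions for illustration.

```python
"""Post-click detection over authentication logs.

Added example, not PJ Networks' SOC tooling. The JSON log lines, user
baselines, field names (ts, user, result, country, ip) and thresholds are
constructed assumptions for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

IST = timezone(timedelta(hours=5, minutes=30))
BUSINESS_HOURS = (8, 20)              # 08:00-20:00 IST, Monday to Friday (assumed)
TRAVEL_WINDOW = timedelta(hours=2)    # two countries inside this window is "impossible travel"
BURST_WINDOW = timedelta(minutes=15)
FAIL_BURST = 5                        # failures inside BURST_WINDOW before a success

# Countries each user normally logs in from; in practice built from the prior 30 days.
BASELINE = {"rajesh.k": {"IN"}, "priya.s": {"IN"}, "amit.v": {"IN"}}

# Constructed sample log: one IST working day (2025-03-10 is a Monday).
SAMPLE_LOG = """\
{"ts": "2025-03-10T04:15:00Z", "user": "rajesh.k", "result": "success", "country": "IN", "ip": "203.0.113.10"}
{"ts": "2025-03-10T05:30:00Z", "user": "priya.s", "result": "success", "country": "IN", "ip": "203.0.113.11"}
{"ts": "2025-03-10T06:02:00Z", "user": "rajesh.k", "result": "success", "country": "NG", "ip": "198.51.100.7"}
{"ts": "2025-03-10T07:00:00Z", "user": "amit.v", "result": "failure", "country": "IN", "ip": "198.51.100.20"}
{"ts": "2025-03-10T07:01:00Z", "user": "amit.v", "result": "failure", "country": "IN", "ip": "198.51.100.20"}
{"ts": "2025-03-10T07:02:00Z", "user": "amit.v", "result": "failure", "country": "IN", "ip": "198.51.100.20"}
{"ts": "2025-03-10T07:03:00Z", "user": "amit.v", "result": "failure", "country": "IN", "ip": "198.51.100.20"}
{"ts": "2025-03-10T07:04:00Z", "user": "amit.v", "result": "failure", "country": "IN", "ip": "198.51.100.20"}
{"ts": "2025-03-10T07:05:00Z", "user": "amit.v", "result": "success", "country": "IN", "ip": "198.51.100.20"}
{"ts": "2025-03-10T21:40:00Z", "user": "priya.s", "result": "success", "country": "IN", "ip": "203.0.113.11"}
"""


def parse(log_text: str):
    """Parse JSON lines into events with timezone-aware datetimes, oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def off_hours(ts: datetime) -> bool:
    """True on weekends or outside BUSINESS_HOURS, evaluated in IST."""
    local = ts.astimezone(IST)
    return local.weekday() >= 5 or not (BUSINESS_HOURS[0] <= local.hour < BUSINESS_HOURS[1])


def alert(rule: str, e: dict, detail: str = "") -> dict:
    return {"rule": rule, "user": e["user"], "ts": e["ts"].isoformat(),
            "ip": e["ip"], "detail": detail}


def detect(log_text: str, baseline: dict) -> list:
    """Run the four detections over the log and return the alerts raised."""
    alerts = []
    last_success = {}                # user -> (ts, country) of previous success
    recent_fails = defaultdict(list) # user -> timestamps of failures since last success
    for e in parse(log_text):
        user, ts, country = e["user"], e["ts"], e["country"]
        if e["result"] != "success":
            recent_fails[user].append(ts)
            continue
        if off_hours(ts):
            alerts.append(alert("off-hours-login", e, ts.astimezone(IST).strftime("%a %H:%M IST")))
        if country not in baseline.get(user, set()):
            alerts.append(alert("login-from-new-country", e, country))
        prev = last_success.get(user)
        if prev and prev[1] != country and ts - prev[0] < TRAVEL_WINDOW:
            alerts.append(alert("impossible-travel", e, f"{prev[1]} -> {country} in {ts - prev[0]}"))
        fails = [t for t in recent_fails[user] if ts - t <= BURST_WINDOW]
        if len(fails) >= FAIL_BURST:
            alerts.append(alert("success-after-failure-burst", e, f"{len(fails)} failures"))
        recent_fails[user] = []      # a success closes the failure window
        last_success[user] = (ts, country)
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG, BASELINE):
        print(f'{a["ts"]}  {a["user"]:10} {a["rule"]:28} {a["detail"]}')
```

The rajesh.k Nigeria login trips two rules at once (new country and impossible travel), which is the point of stacking cheap indicators: any one of them is noisy on its own, but a SOC analyst escalates when several fire on the same account within minutes. Off-hours is the noisiest rule here and is only useful once the business-hours window is tuned per team (a plant running three shifts needs a different window from a finance office).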
When a phishing attack succeeds, the clock starts immediately. Under CERT-In’s 2022 directive, Indian organisations must report certain cybersecurity incidents within six hours of detection. Your incident response plan must include:
Week 1 — Assess:
☐ Audit current email security stack — is sandboxing enabled for all attachments?
☐ Verify DMARC policy is set to p=quarantine or p=reject (not p=none)
☐ Identify all privileged accounts and confirm MFA status
☐ Review third-party vendor email domains for DMARC compliance
Week 2 — Strengthen:
☐ Deploy DNS-layer filtering (block newly registered domains)
☐ Run an AI-crafted phishing simulation — measure current click rate
☐ Enable ZTNA for all remote access and cloud application access
☐ Enforce hardware MFA (FIDO2) for all admin and finance accounts
Week 3 — Monitor:
☐ Confirm 24/7 SOC coverage is in place (in-house or MSSP)
☐ Integrate email security alerts into SIEM
☐ Enable user-reported phishing workflow (one-click report button in email client)
☐ Review SOC escalation runbooks for phishing-triggered incidents
Week 4 — Prepare:
☐ Test your CERT-In 6-hour reporting workflow end-to-end
☐ Update IR playbooks with AI-phishing-specific scenarios
☐ Brief senior leadership and board on AI phishing risk and financial exposure
☐ Schedule quarterly repeat of phishing simulation
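Two of the Week 1 items, verifying your own DMARC policy and reviewing vendor domains for DMARC compliance, are mechanical enough to script. The checker below is an added example (not PJ Networks' code): it parses the `v=DMARC1; ...` TXT record, grades each domain, and explains each finding in terms of what a receiving mail server will actually do with spoofed mail. The TXT records and domain names are constructed for illustration; in practice you would fetch them with `dig +short TXT _dmarc.<domain>`.

```python
"""DMARC policy checker for your own domains and your vendors' domains.

Added example, not PJ Networks' code. The TXT records and domain names
below are constructed; fetch real ones from _dmarc.<domain> TXT.
"""


def parse_dmarc(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; ...' into a tag dict; ValueError if not DMARC."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (v= tag must be DMARC1)")
    if "p" not in tags:
        raise ValueError("missing required p= tag")
    return tags


def evaluate(domain: str, txt_records: list):
    """Return (grade, findings) for the TXT records found at _dmarc.<domain>."""
    findings = []
    if not txt_records:
        return "FAIL", ["no DMARC record published: spoofed mail from this domain is not rejected"]
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:        # receivers ignore DMARC entirely when there is more than one record
        return "FAIL", [f"{len(dmarc)} DMARC records found at _dmarc.{domain} (must be exactly one)"]
    try:
        tags = parse_dmarc(dmarc[0])
    except ValueError as exc:
        return "FAIL", [str(exc)]

    policy = tags["p"].lower()
    if policy == "none":
        findings.append("p=none: monitoring only, receivers will neither quarantine nor reject spoofs")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofs go to spam rather than being rejected; move to p=reject once reports are clean")
    elif policy != "reject":
        return "FAIL", [f"unknown policy p={policy}"]

    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append(f"pct={tags['pct']!r} is not a number; receivers fall back to 100")
    if pct < 100:
        findings.append(f"pct={pct}: the policy is applied to only {pct}% of failing mail")

    subdomain_policy = tags.get("sp", policy).lower()
    if subdomain_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains are unprotected although the organisational domain is")

    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so spoofing of this domain is invisible to its owner")

    grade = "FAIL" if policy == "none" else ("WARN" if findings else "PASS")
    return grade, findings


def audit(records: dict) -> dict:
    """Grade every domain in a {domain: [TXT strings]} map."""
    return {domain: evaluate(domain, txts)[0] for domain, txts in records.items()}


# Constructed records: one enterprise domain and four vendor domains.
SAMPLE_RECORDS = {
    "examplemfg.in": ["v=DMARC1; p=reject; rua=mailto:dmarc@examplemfg.in; adkim=s; aspf=s"],
    "vendor-one.in": ["v=DMARC1; p=none; rua=mailto:dmarc@vendor-one.in"],
    "vendor-two.com": ["v=DMARC1; p=quarantine; pct=25"],
    "vendor-three.co.in": [],
    "vendor-four.in": ["v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@vendor-four.in"],
}

if __name__ == "__main__":
    for domain, txts in SAMPLE_RECORDS.items():
        grade, findings = evaluate(domain, txts)
        print(f"{grade:4} {domain}")
        for f in findings:
            print(f"       - {f}")
```

Keep the scope of this check clear when you report it: a vendor at `p=reject` is protected against someone spoofing the vendor's domain, which is exactly the case email authentication catches. It offers no protection in the supply-chain scenario in this post, where the attacker sends from the vendor's real, compromised mailbox and passes SPF, DKIM and DMARC; that case needs the content analysis, DNS filtering and post-click monitoring described above.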
PJ Networks is an Indian managed security provider specialising in enterprise cybersecurity for organisations that need enterprise-grade protection without building a full in-house security organisation. Our services directly address the AI phishing threat:
If you are reassessing your organisation’s email security posture in light of the AI phishing surge, we would be glad to conduct a no-obligation security assessment. Reach out to the PJ Networks team to schedule a conversation with our security architects.
The threat landscape is evolving faster than ever. The best time to upgrade your defences was a year ago. The second best time is today.