



Phishing has always been the attacker’s weapon of choice. It is cheap, scalable, and devastatingly effective. But something shifted in late 2023 and accelerated through 2024–2025: threat actors began weaponising large language models (LLMs) and generative AI to craft phishing lures that are grammatically flawless, contextually convincing, and hyper-personalised at scale. For Indian enterprise IT leaders, the consequences are severe—and the old defences are no longer sufficient.
Traditional phishing relied on volume: spray millions of poorly-worded emails and hope a fraction land. Security awareness training taught employees to spot telltale signs—awkward phrasing, generic salutations, suspicious domains. AI erases most of those tells.
The Indian CERT (CERT-In) has flagged a measurable rise in spear-phishing campaigns targeting banking, financial services, pharmaceuticals, and critical infrastructure sectors throughout 2024–2025. The 6-hour mandatory incident reporting rule under the CERT-In Directions 2022 means that when a successful phishing attack leads to a breach, organisations have very little time to respond—making prevention and early detection existential priorities.
Several factors make Indian enterprises particularly attractive targets for AI-powered phishing campaigns.
India’s enterprise sector has accelerated cloud migration, remote work enablement, and digital supply-chain integrations—often faster than security controls could keep pace. This creates a fertile ground for credential-harvesting campaigns that exploit newly connected SaaS environments.
Frequent staff changes mean new employees—who are statistically the most susceptible to phishing—are a near-constant presence. Onboarding processes that do not embed security awareness create a revolving door of vulnerability.
A Tier-1 manufacturer in Chennai may work with hundreds of SME suppliers. Attackers compromise a smaller, less-defended supplier and use that trusted relationship to pivot into the enterprise—a classic vendor impersonation or email-thread hijacking scenario.
The Digital Personal Data Protection Act, 2023, creates financial and reputational exposure for organisations that suffer breaches involving personal data. Phishing is the most common initial access vector for such breaches, meaning DPDP compliance and anti-phishing capability are now directly linked.
Most organisations still rely on a combination of:
Each of these has value, but none was designed for the AI-augmented threat environment:
Defending against AI-powered phishing requires a defence-in-depth approach that combines technology, process, and continuous monitoring.
Deploy an email security platform that uses behavioural AI and Natural Language Processing (NLP) to analyse message intent, not just syntax. Solutions like FortiMail apply multi-layer inspection including sender reputation, link sandbox detonation, attachment sandboxing, and anomaly detection on message content and metadata. FortiMail integrates with the Fortinet Security Fabric, feeding threat intelligence into your NGFW and SIEM in real time.
Block phishing domains before a connection is established. FortiGate NGFWs with Web Filtering and DNS Security profiles can block newly registered domains, look-alike domains, and known phishing infrastructure—intercepting the attack even if a user clicks the link.
Transition from OTP-based MFA to phishing-resistant standards: FIDO2 hardware tokens, passkeys, or certificate-based authentication. These methods are immune to AiTM proxy attacks because they bind authentication to the legitimate domain cryptographically.
Assume that credentials will eventually be compromised. A Zero Trust posture enforces least-privilege access, continuous session validation, and micro-segmentation. Even if an attacker obtains valid credentials via phishing, ZTNA limits lateral movement and blast radius. Fortinet’s ZTNA solution integrates with FortiGate and FortiClient for a unified enforcement model across on-premises and cloud environments.
Technology controls generate alerts; human analysts close the loop. A 24/7 Security Operations Centre (SOC) with trained analysts monitoring your SIEM/SOAR can detect anomalous behaviour patterns—unusual login locations, off-hours data access, lateral movement—that indicate a phishing attack has succeeded and is in progress. Speed matters here: CERT-In’s 6-hour reporting window means your SOC must detect and escalate quickly.
Shift from annual training to continuous, adaptive programmes. Run regular simulated phishing campaigns using AI-generated lures (yes, use the same tools as the attackers) to train employees to be appropriately sceptical. Track click rates by department and tailor training to high-risk cohorts.
Define and rehearse your phishing incident response playbook. Key steps:
Your SOC team should treat the following as high-priority alerts:
Security is not a project, it is a programme. AI-powered threats require AI-assisted, continuously evolving defences.
PJ Networks is India’s trusted managed security partner, delivering end-to-end protection against modern phishing threats:
AI-powered phishing is not a future threat—it is today’s reality for Indian enterprises. The question is not whether your organisation will be targeted, but whether your defences are ready to detect, contain, and recover when it happens. Speak to a PJ Networks security architect to assess your current email security posture and build a roadmap to resilience.