AI-Powered Phishing in 2025: How Indian Enterprises Can Stay Ahead

  • Home
  • AI-Powered Phishing in 2025: How Indian Enterprises Can Stay Ahead
AI-Powered Phishing in 2025: How Indian Enterprises Can Stay Ahead
AI-Powered Phishing in 2025: How Indian Enterprises Can Stay Ahead
AI-Powered Phishing in 2025: How Indian Enterprises Can Stay Ahead
AI-Powered Phishing in 2025: How Indian Enterprises Can Stay Ahead
AI-Powered Phishing in 2025: How Indian Enterprises Can Stay Ahead

Phishing has always been the attacker’s weapon of choice. It is cheap, scalable, and devastatingly effective. But something shifted in late 2023 and accelerated through 2024–2025: threat actors began weaponising large language models (LLMs) and generative AI to craft phishing lures that are grammatically flawless, contextually convincing, and hyper-personalised at scale. For Indian enterprise IT leaders, the consequences are severe—and the old defences are no longer sufficient.

Why AI Changes the Phishing Equation

Traditional phishing relied on volume: spray millions of poorly-worded emails and hope a fraction land. Security awareness training taught employees to spot telltale signs—awkward phrasing, generic salutations, suspicious domains. AI erases most of those tells.

What Attackers Are Doing Differently

  • LLM-generated spear-phishing: Attackers feed publicly available LinkedIn profiles, press releases, and company filings into LLMs to produce personalised emails addressed by name, referencing real projects or suppliers. A finance executive at a Pune manufacturer receives an email that mentions the company’s new ERP rollout by name—because the attacker scraped it from a vendor blog post.
  • Voice cloning and vishing: Deepfake audio tools can clone a CEO’s voice from as little as 30 seconds of publicly available audio. Combined with an urgent wire-transfer request, this is BEC (Business Email Compromise) taken to a new level.
  • Polymorphic malware delivery: AI rewrites malicious payloads on-the-fly so that each variant looks different to signature-based scanners, reducing detection rates dramatically.
  • Automated OSINT reconnaissance: Tools like FraudGPT and WormGPT (available on dark-web forums) automate target research, draft lures, and even suggest evasion techniques—lowering the skill floor for attackers significantly.

The Indian CERT (CERT-In) has flagged a measurable rise in spear-phishing campaigns targeting banking, financial services, pharmaceuticals, and critical infrastructure sectors throughout 2024–2025. The 6-hour mandatory incident reporting rule under the CERT-In Directions 2022 means that when a successful phishing attack leads to a breach, organisations have very little time to respond—making prevention and early detection existential priorities.

The Indian Enterprise Attack Surface

Several factors make Indian enterprises particularly attractive targets for AI-powered phishing campaigns.

Rapid Digital Adoption Without Security Parity

India’s enterprise sector has accelerated cloud migration, remote work enablement, and digital supply-chain integrations—often faster than security controls could keep pace. This creates a fertile ground for credential-harvesting campaigns that exploit newly connected SaaS environments.

High Workforce Turnover in IT Roles

Frequent staff changes mean new employees—who are statistically the most susceptible to phishing—are a near-constant presence. Onboarding processes that do not embed security awareness create a revolving door of vulnerability.

Complex Supply Chains

A Tier-1 manufacturer in Chennai may work with hundreds of SME suppliers. Attackers compromise a smaller, less-defended supplier and use that trusted relationship to pivot into the enterprise—a classic vendor impersonation or email-thread hijacking scenario.

DPDP Act Compliance Pressure

The Digital Personal Data Protection Act, 2023, creates financial and reputational exposure for organisations that suffer breaches involving personal data. Phishing is the most common initial access vector for such breaches, meaning DPDP compliance and anti-phishing capability are now directly linked.

Why Traditional Defences Fall Short

Most organisations still rely on a combination of:

  • Secure Email Gateways (SEGs) with static rule sets and signature-based detection
  • Annual or quarterly security awareness training
  • Multi-factor authentication (MFA) on primary identity systems
  • DNS/URL filtering at the perimeter

Each of these has value, but none was designed for the AI-augmented threat environment:

  • Static rule sets cannot keep pace with polymorphic lures that change on every send.
  • Awareness training loses efficacy when lures are personalised and grammatically perfect—humans cannot reliably distinguish AI-generated text from legitimate correspondence at scale.
  • MFA bypass techniques—adversary-in-the-middle (AiTM) proxies like Evilginx2, real-time phishing kits that intercept OTPs—have matured rapidly, making MFA necessary but no longer sufficient.
  • Perimeter filtering is blind to attacks that originate from legitimate-but-compromised cloud services (SharePoint, OneDrive, Google Drive) or use domain-fronting techniques.

A Layered Defence Strategy for 2025

Defending against AI-powered phishing requires a defence-in-depth approach that combines technology, process, and continuous monitoring.

1. Advanced Email Security with AI-Native Detection

Deploy an email security platform that uses behavioural AI and Natural Language Processing (NLP) to analyse message intent, not just syntax. Solutions like FortiMail apply multi-layer inspection including sender reputation, link sandbox detonation, attachment sandboxing, and anomaly detection on message content and metadata. FortiMail integrates with the Fortinet Security Fabric, feeding threat intelligence into your NGFW and SIEM in real time.

2. DNS-Layer Protection and Web Filtering

Block phishing domains before a connection is established. FortiGate NGFWs with Web Filtering and DNS Security profiles can block newly registered domains, look-alike domains, and known phishing infrastructure—intercepting the attack even if a user clicks the link.

3. Phishing-Resistant MFA

Transition from OTP-based MFA to phishing-resistant standards: FIDO2 hardware tokens, passkeys, or certificate-based authentication. These methods are immune to AiTM proxy attacks because they bind authentication to the legitimate domain cryptographically.

4. Zero Trust Network Access (ZTNA)

Assume that credentials will eventually be compromised. A Zero Trust posture enforces least-privilege access, continuous session validation, and micro-segmentation. Even if an attacker obtains valid credentials via phishing, ZTNA limits lateral movement and blast radius. Fortinet’s ZTNA solution integrates with FortiGate and FortiClient for a unified enforcement model across on-premises and cloud environments.

5. 24/7 SOC Monitoring and Threat Hunting

Technology controls generate alerts; human analysts close the loop. A 24/7 Security Operations Centre (SOC) with trained analysts monitoring your SIEM/SOAR can detect anomalous behaviour patterns—unusual login locations, off-hours data access, lateral movement—that indicate a phishing attack has succeeded and is in progress. Speed matters here: CERT-In’s 6-hour reporting window means your SOC must detect and escalate quickly.

6. Continuous Security Awareness and Simulation

Shift from annual training to continuous, adaptive programmes. Run regular simulated phishing campaigns using AI-generated lures (yes, use the same tools as the attackers) to train employees to be appropriately sceptical. Track click rates by department and tailor training to high-risk cohorts.

7. Incident Response Readiness

Define and rehearse your phishing incident response playbook. Key steps:

  • Credential reset and session revocation within minutes of suspected compromise
  • Email quarantine and user notification
  • Forensic review of mailbox access logs and forwarding rules (a common attacker persistence mechanism)
  • CERT-In notification within 6 hours if personal data may be affected
  • Communication to affected stakeholders under DPDP Act obligations

Indicators of Compromise to Watch For

Your SOC team should treat the following as high-priority alerts:

  • Login from a new geography or device shortly after an email link click
  • Creation of new email forwarding rules to external addresses
  • Bulk download of files from OneDrive/SharePoint/Google Drive
  • OAuth application consent grants to unfamiliar third-party apps
  • Password-change or MFA-reset requests not initiated by the user
  • Outbound connections to newly registered domains (< 30 days old)

Building Resilience: A Practical Checklist for CISOs

Security is not a project, it is a programme. AI-powered threats require AI-assisted, continuously evolving defences.

  • ☑ Deploy AI-native email security (FortiMail or equivalent) with sandboxing enabled
  • ☑ Enable DNS-layer filtering on all endpoints and branch offices
  • ☑ Migrate high-value users to FIDO2 / passkey MFA within 90 days
  • ☑ Implement ZTNA for all remote and third-party access
  • ☑ Enrol in 24/7 managed SOC services with CERT-In-aware escalation procedures
  • ☑ Run monthly phishing simulations with AI-generated lures
  • ☑ Review and test your incident response playbook quarterly
  • ☑ Conduct annual tabletop exercises including a phishing-as-initial-access scenario
  • ☑ Document your DPDP Act data-breach notification workflow

How PJ Networks Helps

PJ Networks is India’s trusted managed security partner, delivering end-to-end protection against modern phishing threats:

  • FortiMail deployment and management: We design, deploy, and operate Fortinet’s enterprise email security platform tailored to your organisation’s mail flows, compliance requirements, and threat profile.
  • FortiGate NGFW with Web and DNS Filtering: Our engineers configure and manage FortiGate firewalls to block phishing infrastructure at the network layer across all your locations.
  • 24/7 NOC and SOC: Our India-based operations centres provide round-the-clock monitoring, alert triage, and incident response—with the speed needed to meet CERT-In’s 6-hour reporting requirement.
  • ZTNA rollout and management: We implement Fortinet ZTNA to enforce least-privilege access and limit the impact of credential compromise.
  • MSSP services: From policy design to compliance reporting, PJ Networks acts as your extended security team, bridging the skills gap without the cost of building a large in-house function.

AI-powered phishing is not a future threat—it is today’s reality for Indian enterprises. The question is not whether your organisation will be targeted, but whether your defences are ready to detect, contain, and recover when it happens. Speak to a PJ Networks security architect to assess your current email security posture and build a roadmap to resilience.

Leave a Reply

Your email address will not be published. Required fields are marked *