Phishing has always been the attacker’s favourite entry point — simple, scalable, and brutally effective. But in 2025, AI-generated phishing has crossed a threshold that Indian enterprise security teams can no longer afford to underestimate. Gone are the days of broken-English emails asking for urgent wire transfers. Today’s AI-crafted lures are grammatically flawless, contextually aware, personalised to the recipient’s role and organisation, and in some cases indistinguishable from genuine internal communications.
For Indian CISOs and IT leaders managing dispersed workforces, multi-cloud environments, and compliance obligations under the DPDP Act and CERT-In directives, the AI phishing wave demands a strategic — not just tactical — response. This post breaks down what has changed, why it matters in the Indian context, and exactly how a layered defence anchored by FortiMail and FortiGate NGFW can stop these attacks before they reach the inbox.
Traditional phishing campaigns relied on bulk blast techniques: one template sent to millions of addresses, hoping a small fraction would click. Detection was relatively straightforward — static signatures, known-bad domains, and obvious grammar errors did most of the heavy lifting.
Modern AI-powered phishing is fundamentally different in three ways:
Attackers now feed large language models (LLMs) with data scraped from LinkedIn, company websites, social media, and previously breached datasets. The result is a spear-phishing email that references the target’s actual job title, recent company announcements, the names of their colleagues, and even their communication style — all generated automatically for thousands of targets simultaneously. What used to require hours of manual reconnaissance per victim now takes seconds per batch.
AI is also being used on the infrastructure side. Malicious domains are registered in bulk, aged briefly, and rotated before reputation engines can flag them. Phishing kit source code is obfuscated differently for every campaign, evading file-hash detection. PDFs and Office documents carry macro-free exploits or QR codes that redirect through legitimate cloud services — making URL filtering vastly harder.
Business Email Compromise (BEC) is now complemented by AI-synthesised voice calls (vishing) and WhatsApp messages that impersonate senior executives with convincing audio clones. In a 2024 incident widely reported in the financial sector, a finance employee in a multinational’s regional office transferred funds after receiving what appeared to be a video call from the CFO — generated entirely by AI deepfake tools. India’s dense corporate WhatsApp culture makes this threat particularly acute.
Several factors make Indian enterprises especially attractive targets for AI phishing campaigns:
Most organisations still rely on first-generation email security — either a basic cloud spam filter or an ageing on-premise gateway. These solutions were engineered for a threat landscape that no longer exists. Their core limitations against AI phishing include:
The gap between what legacy tools catch and what AI phishing delivers is the breach opportunity attackers are actively exploiting.
FortiMail is Fortinet’s purpose-built email security gateway, and it is the centrepiece of PJ Networks’ recommended defence against AI-powered phishing. Here is what makes it effective against 2025-era threats:
FortiMail is backed by FortiGuard Labs, Fortinet’s global threat intelligence organisation, which processes billions of threat signals daily. The platform uses AI and machine learning models trained on this corpus to identify novel phishing patterns — including zero-day campaigns — that have no prior signature. These models are continuously updated via FortiGuard subscriptions, meaning your defences evolve as the threat does.
Suspicious attachments and links are detonated in FortiSandbox — an isolated virtual environment that observes actual behaviour rather than relying on static analysis. PDFs, Office documents, archives, and executables are all evaluated. Critically, URLs embedded in QR codes and short links are expanded and assessed before delivery, closing one of the fastest-growing phishing delivery vectors.
FortiMail’s BEC detection engine analyses sender headers, domain authentication (DMARC, DKIM, SPF), display name spoofing, and historical communication patterns to flag executive impersonation attempts — even when the attacker uses a lookalike domain or a freshly registered address. AI-personalised spear-phishing aimed at CFOs, HR leads, and procurement teams is caught before it reaches the inbox.
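The checks just described (sender authentication results, display-name impersonation of a known executive, lookalike domains, and a mismatched Reply-To) can be illustrated on raw message headers. The script below is an added example and is not FortiMail's engine or any Fortinet code; the organisation domain, the executive directory, the homoglyph table and the three sample messages are all constructed for this illustration.

```python
"""Illustrative BEC-style header checks (added example, not FortiMail).

Applies the kinds of checks the post lists to constructed sample messages:
SPF/DKIM/DMARC results from Authentication-Results, display-name spoofing of
an executive, lookalike sender domains, and Reply-To domain mismatch.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical organisation data (assumptions for this example).
OUR_DOMAIN = "example-corp.in"
EXECUTIVES = {"Priya Sharma": "priya.sharma@example-corp.in"}  # constructed

# A few common character substitutions seen in lookalike domains.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w", "3": "e", "5": "s"}


def normalise(domain: str) -> str:
    """Lower-case the domain and undo homoglyph substitutions."""
    d = domain.lower()
    for bad, good in HOMOGLYPHS.items():
        d = d.replace(bad, good)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (standard dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True when the domain mimics OUR_DOMAIN by homoglyphs or a small edit."""
    if domain == OUR_DOMAIN:
        return False
    a, b = normalise(domain), normalise(OUR_DOMAIN)
    # Threshold of 2 edits is an assumption; tune it for your own domain length.
    return a == b or edit_distance(a, b) <= 2


def auth_results(msg) -> dict:
    """Extract spf/dkim/dmarc verdicts from the Authentication-Results header."""
    hdr = msg.get("Authentication-Results", "")
    results = {}
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", hdr)
        results[mech] = m.group(1) if m else "none"
    return results


def analyse(raw: str) -> list:
    """Return a list of finding labels for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # 1. Authentication failures on the sending domain.
    for mech, verdict in auth_results(msg).items():
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")
    # 2. Executive display name paired with an address that is not theirs.
    if name in EXECUTIVES and addr.lower() != EXECUTIVES[name].lower():
        findings.append("display-name spoof")
    # 3. Sender domain that imitates ours (passes SPF/DKIM for the attacker's own domain).
    if domain != OUR_DOMAIN and is_lookalike(domain):
        findings.append("lookalike domain")
    # 4. Replies silently diverted to a different domain.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        findings.append("reply-to mismatch")
    return findings


# Constructed sample messages (headers only; bodies omitted).
LEGIT = """From: "Priya Sharma" <priya.sharma@example-corp.in>
To: finance@example-corp.in
Authentication-Results: mx.example-corp.in; spf=pass smtp.mailfrom=priya.sharma@example-corp.in; dkim=pass header.d=example-corp.in; dmarc=pass header.from=example-corp.in
Subject: Q3 budget review

Please see the attached figures.
"""

LOOKALIKE = """From: "Priya Sharma" <priya.sharma@examp1e-corp.in>
To: finance@example-corp.in
Reply-To: "Priya Sharma" <ceo.office@webmail.example>
Authentication-Results: mx.example-corp.in; spf=pass smtp.mailfrom=priya.sharma@examp1e-corp.in; dkim=pass header.d=examp1e-corp.in; dmarc=pass header.from=examp1e-corp.in
Subject: Urgent vendor payment

Can you process this today?
"""

FREEMAIL = """From: "Priya Sharma" <ceo@payments-update.example>
To: finance@example-corp.in
Authentication-Results: mx.example-corp.in; spf=fail smtp.mailfrom=ceo@payments-update.example; dkim=none; dmarc=fail header.from=payments-update.example
Subject: Invoice approval needed

Approve the attached invoice.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("lookalike", LOOKALIKE), ("freemail", FREEMAIL)):
        print(label, analyse(raw))
```

The second sample is the instructive one: SPF, DKIM and DMARC all pass because the attacker controls the lookalike domain, so authentication alone says nothing. The display-name and lookalike checks are what catch it, which is why a BEC engine has to layer them on top of DMARC rather than treat a passing verdict as clean.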
Phishing is not only an inbound threat. If an employee account is compromised and begins sending phishing or exfiltrating data outbound, FortiMail’s Data Loss Prevention engine detects and blocks the outbound traffic — limiting blast radius and satisfying DPDP Act obligations to minimise breach impact.
Email security is the first line, but not the last. Once a phishing link is clicked, the attacker relies on the victim’s browser reaching a malicious site, downloading a payload, and establishing command-and-control (C2) communication. FortiGate NGFW cuts each of these steps:
FortiGate’s DNS filtering — also backed by FortiGuard — blocks resolution of malicious domains at the DNS layer, before any HTTP connection is even attempted. Web filtering with SSL inspection intercepts HTTPS traffic to newly registered domains or domains categorised as malicious, catching the phishing landing page even if the email slipped through. This dual-layer approach means newly spun-up attacker infrastructure is caught at the network perimeter.
If malware is downloaded post-click, FortiGate’s IPS engine detects exploit attempts and malware communication signatures in real time. Application control can block access to the shadow-IT file-sharing services that phishing kits increasingly use to host payloads (Google Drive, OneDrive, Dropbox links) while still permitting legitimate enterprise use of those services through fine-grained policy.
For organisations adopting ZTNA, FortiGate and FortiClient ZTNA ensure that even if a user’s credentials are phished, the attacker cannot move laterally through the network. Every resource access is continuously verified against device posture, user identity, and context — so stolen credentials alone are not enough to breach a segmented environment.
Deploying FortiMail and FortiGate together, managed by a 24/7 NOC/SOC, creates an integrated defence that covers every stage of the phishing kill chain:
Technology alone cannot close the phishing gap. With AI generating increasingly convincing content, even trained employees will occasionally click. However, a security-aware workforce dramatically raises the attacker’s cost and shrinks the blast radius when a click does happen:
Phishing is the most common initial vector for data breaches. For Indian enterprises, that makes phishing defence inseparable from regulatory compliance:
CERT-In (April 2022 directive): Organisations must report cyber security incidents — including phishing attacks that result in data compromise — to CERT-In within six hours of becoming aware. A 24/7 SOC with FortiMail and FortiGate telemetry enables early detection and accelerates the timeline between awareness and reporting.
DPDP Act, 2023: A phishing breach that exposes personal data triggers obligations to notify the Data Protection Board and affected Data Principals. Organisations must also demonstrate reasonable security safeguards were in place. A documented, tested email security architecture — with logs, alerts, and incident timelines — is evidence of due diligence.
Without a managed security layer generating structured logs and alerts, meeting these obligations in the compressed six-hour window is operationally impossible for most IT teams.
AI-powered phishing is not a future threat. It is the current baseline. For Indian enterprise IT leaders, the question is not whether your organisation will be targeted — it is whether your defences can detect and block an attack that looks, reads, and behaves like legitimate communication until the moment it detonates.
The answer lies in layered, AI-backed controls: FortiMail at the email gateway, FortiGate NGFW at the network perimeter, FortiClient at the endpoint, and a human SOC team correlating signals around the clock. No single layer is sufficient; the combination is what closes the gaps that attackers probe.
PJ Networks has deployed this architecture across manufacturing, BFSI, healthcare, and IT/ITES enterprises across India, integrating FortiGate and FortiMail with 24/7 NOC/SOC operations that provide both real-time threat response and compliance documentation. If your organisation is assessing its exposure to AI phishing — or needs to demonstrate security controls under DPDP or CERT-In — our team can walk you through a current-state assessment and recommended roadmap.
Ready to assess your phishing defences? Contact PJ Networks to speak with a managed security specialist about FortiMail deployment, FortiGate policy hardening, or a full 24/7 SOC engagement tailored to your sector and compliance requirements.