Cybersecurity in the AI Era: How to Recognize AI Phishing and Deepfake Attacks
In 2025, Slovak companies saw a record increase in phishing attacks. This shouldn't be surprising – attackers now have tools they could only dream of a few years ago. Large language models generate convincing emails without grammatical errors. AI can clone a voice from just 3 seconds of recording. Deepfake videos are increasingly indistinguishable from reality. According to the ENISA 2025 report, the number of AI-assisted phishing attacks in the EU increased by 135%.
Cybersecurity is no longer just about firewalls and antivirus software. It's about whether your people can recognize a sophisticated attack.
What AI Phishing Looks Like in 2026
Traditional phishing was relatively easy to spot: poor grammar, suspicious sender, generic message. AI phishing is a different league:
Personalized Emails
AI can analyze publicly available information about the target (LinkedIn profile, company website, social media) and create an email that looks like it was written by a specific person from the company. No typos, the right tone, relevant context.
Perfect Language
One of the traditional warning signs was poor language in phishing emails. With LLMs, this warning sign disappears. AI generates fluent, grammatically correct text, including industry terminology.
How many of your employees would be able to distinguish a perfectly written phishing email from a real internal message?
Contextual Attacks
Attackers combine AI with OSINT (open source intelligence) – they monitor public procurements, company changes, financial statements. The phishing email then arrives at the right time with relevant content.
Deepfake: When the Boss Calls and It's Not the Boss
In 2025, cases emerged where attackers used deepfake voices for calls to managers:
- The "CEO" calls requesting an urgent transfer
- A "supplier" calls with new banking details
- The "IT department" calls requesting login credentials
A few seconds of publicly available voice recording (podcast, video, conference recording) is enough for AI to create a convincing deepfake. Combined with phone number spoofing, the attack is nearly perfect.
How to Defend: Technical Measures
Email Security
- SPF, DKIM, DMARC as the foundation for sender verification
- AI-powered email filtering for analyzing content and behavioral patterns
- Link sandboxing for automatic link verification in a safe environment
Multi-Factor Authentication
- MFA on all critical systems
- Hardware keys (FIDO2) for the most sensitive access
- Biometrics as an additional factor
Zero Trust Architecture
- Verify every access, not just at the perimeter
- Minimum privileges (least privilege)
- Continuous anomaly monitoring
How to Defend: Internal Procedures
Technology alone isn't enough. Without established internal procedures, it's only half the solution:
Verification Protocol for Financial Operations
- No transfer above a defined amount without second-channel verification
- Callback to a verified number (not the number from the email)
- Dual signature for changes to supplier banking details
Reporting Suspicious Messages
- Simple way to report a suspicious email (button in the email client)
- No penalties for false alarms – better to report 10 false ones than miss 1 real one
- Quick feedback from the security team
- Monthly reports on the number of reported messages and their evaluation
Regular Training
- Simulated phishing campaigns (not as punishment, but as training)
- Updated examples of real attacks
- Special training for management and finance departments
Security in Our Projects
A few months ago, while developing an application for a banking client, we implemented a mechanism that automatically flags email requests to change banking details and requires phone verification. In the first month, it caught three suspicious attempts. We implement security measures directly into applications, from MFA through audit logs to anomaly detection. We operate on the principle that an attacker will get in. The question is what happens next.
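A rule of the kind described here, which also enforces the second-channel verification step from the financial procedures above, can be expressed as follows. This is an added example, not the mechanism built for the client; the supplier table, domains and messages are constructed, and the two IBANs are the standard published example numbers for Slovakia and the Czech Republic.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed supplier master data (assumption): sender domain -> IBAN on file.
IBAN_ON_FILE = {"supplier.example": "SK3112000000198742637541"}
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){3,7}(?:\s?[A-Z0-9]{1,3})?\b")
CHANGE_RE = re.compile(r"\b(?:new|changed|updated?)\b.{0,40}\b(?:bank|account|iban)\b", re.I | re.S)

def iban_valid(iban):
    """ISO 13616 check: move first four chars to the end, map A=10..Z=35, mod 97 == 1."""
    moved = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in moved)) % 97 == 1

def domain_of(header_value):
    """Lower-cased domain part of an address header, or "" if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_email(raw):
    """Return reasons to hold the request until a callback to the number on file."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part text message
    sender = domain_of(msg["From"])
    reasons = []
    found = {re.sub(r"\s", "", m) for m in IBAN_RE.findall(body)}
    unknown = sorted(i for i in found if iban_valid(i) and i != IBAN_ON_FILE.get(sender))
    if unknown:
        reasons.append("IBAN not on file for %s: %s" % (sender, ", ".join(unknown)))
    if CHANGE_RE.search(body):
        reasons.append("message announces changed banking details")
    if msg["Reply-To"] and domain_of(msg["Reply-To"]) != sender:
        reasons.append("Reply-To domain differs from From domain")
    return reasons

# Constructed sample messages (not real traffic).
ROUTINE = ("From: Accounts <accounts@supplier.example>\n"
           "Subject: Invoice 2025-114\n\n"
           "Please pay invoice 2025-114 to IBAN SK31 1200 0000 1987 4263 7541.\n")
CHANGE_REQUEST = ("From: Accounts <accounts@supplier.example>\n"
                  "Reply-To: accounts@supplier-billing.example\n"
                  "Subject: Bank details\n\n"
                  "We have changed our bank. Use the new account from today:\n"
                  "IBAN: CZ65 0800 0000 1920 0014 5399\n")

if __name__ == "__main__":
    for name, raw in (("routine", ROUTINE), ("change request", CHANGE_REQUEST)):
        reasons = review_email(raw)
        print(name, "->", "HOLD for callback" if reasons else "pass", reasons)
```

Any non-empty result should block the payment change until someone calls the supplier on the number already on file, never a number taken from the message itself.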
Checklist for Your Company
- [ ] Do you have SPF, DKIM, and DMARC set up for your email domain?
- [ ] Do you use MFA on all critical systems?
- [ ] Do you have a defined procedure for verifying financial operations?
- [ ] Have your employees completed security training in the last 6 months?
- [ ] Do you have a simple way to report suspicious messages?
- [ ] Do you have an incident response plan in case of a successful attack?
If you answered "no" to more than two questions, it's time to act. Contact us – we'll help you set up processes and tools so your company isn't an easy target.