In March 2025, a finance director at a Singapore firm joined a routine Zoom call with the company's CFO and two senior colleagues. The call ended with a US$499K wire transfer. Every face on that call, voice included, was a deepfake. The director never spoke to a real human. That single incident captures where phishing sits in 2026: the email is real, the voice is real, the thread is real, and the request is the only fake thing in the room.
If your team's anti-phishing instincts are built around "check the sender, hover the link, look for typos," that is a good start, but it may not be enough to protect you. The tactics below are what your staff will actually face this year.
Why 2026 phishing breaks the old playbook
Two numbers set the stage. The FBI's 2024 IC3 report logged $16.6B in reported cybercrime losses, a 33% jump year over year, with phishing and spoofing the single most-reported complaint category. The Verizon 2025 DBIR found a human element involved in roughly 60% of breaches.
Generative AI has made the process much easier for attackers. The timeline from idea to execution is much shorter, the believability is higher, and AI squashed the typos. Reverse-proxy kits removed MFA as a guarantee. Voice cloning removed "I'd recognize my CEO's voice." Malicious QR codes (a technique called quishing) route the attack through a personal phone your security stack never sees. The defender's job in 2026 is less about spotting fakes and more about controlling process: verification, approval, and out-of-band confirmation.
What does deepfake voice and video phishing look like now?
A workable voice clone needs about three seconds of source audio, the length of a voicemail greeting. Voice-fraud researchers at Pindrop tracked deepfake-enabled vishing rising more than tenfold across late 2024 and early 2025, and the FBI's 2024 IC3 report counted more than 22,000 AI-related fraud complaints totaling over $893M.
The Singapore case above is not a one-off. In 2024, engineering firm Arup lost $25M after a finance employee joined a video call with what looked like the company's CFO and other executives. Every participant except the victim was synthetic. The pattern is consistent: urgency, secrecy, an unusual payment instruction, and a senior face on camera who insists on speed.
Why it matters for you: if your wire approval process can be overridden by a convincing executive on a video call, you do not have a wire approval process. You have a suggestion.
How does QR-code phishing (quishing) bypass your filters?
A QR code in an email, PDF invoice, or "MFA re-enrollment" notice routes the victim's phone to a credential-harvesting page. Because the link lives inside an image and resolves on a personal device, it sidesteps the email gateway entirely. Microsoft Threat Intelligence's Q1 2026 phishing analysis clocked a 146% rise in quishing year over year, and Microsoft's 2025 Digital Defense Report noted QR-based phishing emails growing from roughly 47,000 in August to 249,000+ in November 2025. Roughly 12% of phishing now contains a QR code.
The detail that should bother you most: per Abnormal Security, C-level executives are around 40 times more likely to fall for quishing than the average user. Executives travel, scan codes on parking meters and restaurant menus, and are conditioned to act quickly. That is exactly the muscle memory the attacker is renting.
Why it matters for you: scanning a work-related QR code on a personal phone is now a credential-handling event. Treat it like one.
What is AiTM, and why doesn't MFA stop it?
Adversary-in-the-Middle (AiTM) phishing kits act as a reverse proxy between your user and the real Microsoft 365 or Google login page. The user types the password. The user approves the MFA prompt. The kit silently captures the post-login session cookie, and the attacker logs in as that user with no second prompt and no alarm. Phishing-as-a-Service kits like Tycoon 2FA and EvilProxy industrialized this through 2025, and identity vendor Veriff reported a 46% year-over-year rise in AiTM-style account-takeover incidents.
The blunt takeaway, echoed by CISA's phishing-resistant MFA fact sheet, is that SMS codes and app-push MFA are no longer sufficient on their own for high-value accounts. Phishing-resistant MFA, meaning FIDO2 security keys or passkeys, is the only category that holds up here, because the cryptographic handshake is bound to the legitimate domain. A reverse-proxy site cannot replay it.
Why it matters for you: "we have MFA" stopped being a complete sentence about two years ago. The question now is which kind.
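To make the domain-binding point concrete, here is an added example (not the page's code, nor any vendor's) of the checks a WebAuthn relying party performs on an assertion's clientDataJSON and authenticatorData before it verifies the signature. The relying-party id, origin, challenge, and the proxy-style lookalike origin are all constructed for the demonstration.

```python
import base64
import hashlib
import json

# Constructed values for the demonstration; not from any real deployment.
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"
CHALLENGE = base64.urlsafe_b64encode(b"server-issued-random-challenge").rstrip(b"=").decode()


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_client_data(origin, challenge):
    """Simulate the clientDataJSON the browser builds for a get() call at `origin`."""
    return b64url_encode(json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode())


def make_authenticator_data(rp_id, user_present=True):
    """authenticatorData = rpIdHash(32) || flags(1) || signCount(4)."""
    flags = 0x01 if user_present else 0x00
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (0).to_bytes(4, "big")


def check_assertion_binding(client_data_b64, auth_data, expected_origin, rp_id, expected_challenge):
    """Return (ok, reason). These are the origin/rpId/challenge checks done before signature verification."""
    cd = json.loads(b64url_decode(client_data_b64))
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay or stale)"
    if cd.get("origin") != expected_origin:
        return False, f"origin mismatch: {cd.get('origin')}"
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user presence flag not set"
    return True, "bound to legitimate origin"


def demo():
    """Legitimate login vs. a reverse proxy relaying the real challenge from a lookalike origin."""
    auth = make_authenticator_data(RP_ID)
    legit = check_assertion_binding(make_client_data(EXPECTED_ORIGIN, CHALLENGE), auth, EXPECTED_ORIGIN, RP_ID, CHALLENGE)
    # The proxy can relay the server's challenge, but the browser stamps the origin it is actually on.
    proxied = check_assertion_binding(make_client_data("https://login-example.net", CHALLENGE), auth, EXPECTED_ORIGIN, RP_ID, CHALLENGE)
    return legit, proxied
```

In practice the browser would already refuse to use RP_ID from the lookalike origin, so the authenticator never signs; the server-side check above is the backstop that catches anything that slips through.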
How does conversation hijacking turn your real vendors into the threat?
This is the tactic that breaks the most training. An attacker quietly compromises one of your vendors' mailboxes, sits inside the real thread you have been emailing on for weeks, and replies with updated wire instructions. The sender is genuine. The domain is genuine. The thread history is genuine. The only thing that changed is the routing number.
Vendor Email Compromise (VEC) rose roughly 66% in the first half of 2024 according to Abnormal AI, and Business Email Compromise (BEC) overall climbed about 15% year over year in 2025 per SpiderLabs. The FBI attributed $2.77B in 2024 losses to BEC alone. URL inspection, sender verification, and "does this look right" instincts all fail here, because everything does look right.
The email is real. The thread is real. The request is the only thing that's fake.
Why it matters for you: any change to payment details, from anyone, deserves a phone call to a number you already had on file. Not the number in the signature block.
Two more tactics deserve a quick mention. Callback phishing, sometimes called TOAD (telephone-oriented attack delivery), sends a clean PDF invoice with no link, just a phone number, and walks the victim into installing AnyDesk or Quick Assist. Roughly 10 million TOAD attempts hit inboxes per month in 2025, most often impersonating Microsoft, DocuSign, or PayPal.
LLM-written spear-phishing is the other one to know. Per Microsoft's 2025 Digital Defense Report, AI-written lures now hit a 54% click-through rate against 12% for human-written ones, and generative AI has cut drafting time from about 16 hours to 5 minutes, per IBM. The "look for typos" era is coming to an end.
Red flags worth teaching your team
Your staff should be on the alert for these seven red flags in every SMS, email, and call:
- Any payment, wire, gift-card, or "urgent CEO" request that bypasses your normal approval process, no matter who is asking.
- A reply inside an existing email thread that suddenly contains new bank or wire details.
- A QR code in an email, PDF, or "MFA re-enrollment" notice. Never scan a work QR code with a personal phone.
- An email with no link and no attachment, just a phone number to call about a charge, renewal, or refund.
- A login page that prompts MFA for something you didn't start, or prompts twice in quick succession.
- A voice or video call from an executive that combines secrecy, urgency, and an unusual payment instruction.
- Any request to install a remote-support tool (AnyDesk, ScreenConnect, TeamViewer, Quick Assist) following an email or unsolicited Teams message.
What still works, and what doesn't anymore
A few defenses have aged well. Phishing-resistant MFA (FIDO2 keys, passkeys) holds up against AiTM. Out-of-band verification of any payment change, on a number you already had, defeats VEC and deepfake calls in one move. Properly enforced DMARC, SPF, and DKIM still cut a meaningful share of impersonation. Continuous, scenario-based training beats the annual click-quiz by a wide margin. And 24/7 monitoring catches the session-cookie hijack that the user never noticed.
What has changed: "check the sender and hover the URL" still works well for low-effort, drive-by phishing, but is useless when the sender is a real compromised vendor or a synthetic CFO. "Look for typos and bad grammar" stopped being a tell when generative AI started writing the lures. SMS and app-push MFA, on their own, no longer clear the bar for finance, executive, or admin accounts. And spotting deepfakes by visual artifacts is unreliable, because the 2026 generation of video models is clean enough that the artifacts most people are trained to look for are gone.
What we'd actually do this quarter
If we were sitting across the table from you, three moves would top the list:
- Roll passkeys or FIDO2 keys to your finance team, your executives, and anyone with admin rights in Microsoft 365 or Google Workspace. That single change neutralizes most AiTM attempts against your highest-value accounts.
- Write down a payment-change verification rule and put it in your AP workflow. Any change to wire details requires a callback to a pre-existing number. Full stop. No exceptions for urgency.
- Run one tabletop exercise this quarter on a deepfake voice scenario. Not a slide deck. An actual fifteen-minute walkthrough with your finance lead and an executive on the call.
That's it. Three things: none of them requires a new product, and all of them close the gaps the 2026 tactics are exploiting hardest. If you'd rather have someone else build the security training program and the verification process for you, that's roughly half of what we do.
If any of this resonates, or you want a second pair of eyes on where your business actually sits against these tactics, get in touch. Happy to talk it through.