BI.ZONE Experts: AI and Deepfakes Made Phishing More Precise and Dangerous in 2026

Phishing in 2026 has become noticeably smarter: mass emails haven't gone anywhere, but the main growth is now in personalized, multi-stage attacks using AI and deepfakes. BI.ZONE experts say that technology has changed the packaging of fraud, but not the fundamental logic of defense: verification, a second communication channel, and 2FA still solve much.

How Phishing Changed

AI has dramatically reduced attack preparation costs. While attackers used to be forced to mass-produce generic emails, now they collect open data about a person and tailor the message to their job, social circle, and familiar services. Deepfakes amplify the effect: a forged voice, a similar face, and a familiar manner of speech help build trust faster.

Scenarios work particularly well when the attacker impersonates a relative, colleague, or boss and demands immediate action. Channels have also become more precise. To reach a mass audience, fraudsters turn to social networks and messengers, create thematic chats, message people privately, and leave links in comments.

But for business, email remains the critical entry point: according to BI.ZONE data, 64% of targeted attacks on companies in Russia and the CIS begin with phishing emails. Phone and video calls add what text lacks—pressure, a sense of urgency, and the illusion of personal contact, which makes the victim decide impulsively faster.

What Schemes Work

According to BI.ZONE observations, since October 2025 there has been a noticeable increase in fraudsters' interest in messenger accounts and personal government services portals. In parallel, the Ghost invoice scheme is growing: attackers register domains similar to major company websites, send commercial offers, and slip in fake invoices. For the victim, it looks like a routine purchase, but for the company being copied, it ends in reputational damage. From this comes the set of the most effective scenarios currently used most often.

• Fake notifications from banks, tax services, and government services
• Fake Boss, when an employee receives a message from a "manager" and is prepared for a call from "law enforcement" or a regulator
• TOAD schemes, where the victim is asked to call back themselves, bypassing anti-spam calls
• QR codes in crowded places leading to fake forms
• Phishing mobile applications imitating original services

A separate trend is the industrialization of phishing. Phishing-as-a-Service lowers the barrier to entry: ready-made platforms help deploy fake pages, adapt them to user behavior, and even bypass some MFA scenarios. Combined with generative AI, this turns phishing into a conveyor belt. At the same time, the number of phishing websites in the first quarter of 2026 dropped to 12,500 against 17,500 a year earlier, but this doesn't mean threats have decreased: fraudsters are shifting to more complex and profitable multi-stage attacks.

What Helps Defend

For the average user, basic rules are still more effective than any exotic measures. It's important to click only on official addresses, not open attachments and links from unexpected messages, and double-check urgent requests through another communication channel. If you receive a voice or video message from a familiar person asking for money, you need to look for inconsistencies: strange facial expressions, unnatural intonation, low recording quality, unusual phrasings. And of course, it's better to enable two-factor authentication through an app rather than rely only on SMS.

"If something looks suspicious—it's better to double-check through

official channels."

For companies, defense has long since gone beyond anti-spam. You need secure communication channels, regular employee training, and additional checks in critical processes. The principle of "second hand" works well, when a transfer, change of details, or access grant is confirmed by another trusted employee.

Plus you need tools to detect deepfakes, clear regulations, and quick response to incidents before the attack has time to pass through all stages of the chain. Multi-stage schemes are particularly dangerous because each individual step can look harmless. First comes an "erroneous transfer," then intimidation begins, then the victim is persuaded to transfer money further or hand it to a courier.

In other scenarios, SMS bombing is used: a person is flooded with messages, and then they are called on behalf of the bank and offered to urgently "save" their account. Such a pressure theater is designed not for technical vulnerability, but for fatigue and anxiety.

What This Means

Phishing in 2026 is no longer just a fake email, but a service economy of fraud, amplified by AI, deepfakes, and ready-made platforms. According to BI.ZONE's estimate, in 2025 alone, the damage from such schemes exceeded 18 billion rubles. For users and businesses, the conclusion is simple: the winner is not the one with the most fashionable tools, but the one whose verification, discipline, and healthy skepticism kick in faster.