Back to ResourcesSecurity Guide

Defending Against AI Phishing and Deepfake Fraud

Practical controls and employee training steps to counter AI-generated phishing and deepfake-enabled wire fraud, the fastest-growing category of social engineering risk in 2026.

Technical controls

  • Adopt phishing-resistant multi-factor authentication (hardware security keys or platform authenticators) for all privileged and finance-adjacent accounts.
  • Implement email authentication standards (SPF, DKIM, DMARC) to reduce domain spoofing.
  • Deploy anomaly-based email filtering that flags unusual sender behavior, not just known-bad indicators.

Process controls

  • Require out-of-band verification, a callback to a known, pre-verified number, for any payment, wire transfer, or account change request.
  • Set clear dual-approval thresholds for financial transactions that cannot be overridden by claimed urgency.
  • Establish a documented process for employees to report suspected deepfake or AI-generated content without fear of slowing down legitimate business.

Awareness and training

  • Update security awareness training to specifically cover voice and video deepfakes, not just traditional email phishing indicators.
  • Run simulated exercises that include a realistic voice-phishing scenario, not only simulated phishing emails.
  • Brief executives and finance staff directly, they are the most frequently targeted roles in AI-assisted BEC attempts.