AI Phishing in 2026: credible fraudulent emails



AI phishing refers to fraudulent emails, text messages, or calls generated or enhanced by artificial intelligence. In 2026, they are not magically undetectable, but they are much more convincing: better French, personalization, imitation of a supplier’s tone, malicious links, and sometimes synthetic voices. For an SMB, the issue is concrete: rely less on the human eye alone, and invest in simple checks before a wire transfer, a Microsoft 365 account, or customer data is compromised.



AI phishing: what has really changed in 2026

The change is not just the volume. According to the APWG, 971,181 phishing attacks were recorded in the first quarter of 2026, or 13.8 % more than in the previous quarter. Microsoft Threat Intelligence, for its part, says it detected about 8.3 billion phishing threats by email between January and March 2026.

The most troublesome new development for a business owner lies in the quality of the lure. Generative models, like those used in ChatGPT, Claude, or Gemini, make it possible to produce messages without obvious mistakes, tailored to a sector, a language, and sometimes to internal news gathered from LinkedIn, a website, or a press release.

Google Threat Intelligence describes in 2025-2026 a shift from experimental uses of AI to large-scale use in attack chains. In other words, AI does not replace the entire attack. It makes the stages of reconnaissance, drafting, translation, and follow-up faster.

The trap for an SMB is believing that its collaborators will always spot “the fake email.” This method was sometimes enough against poorly translated scams. It becomes fragile when faced with a message that uses a customer’s name, the wording of a quote, and a plausible email signature.

Why these fraudulent emails seem almost undetectable

The word “almost” deserves to be kept. Serious public sources do not prove that fraudulent emails are all undetectable in 2026. Rather, they show that they are getting very close to the conventions of a normal email, which changes the way to defend against them.

AI phishing can imitate a communication style. If your company publishes a lot of content, team profiles, and news, the attacker has material to write a credible email. The message can also be localized: French VAT, European IBAN, administrative tone, references to the 2018 GDPR or to Microsoft 365.

Another change: the attack no longer always tries to get someone to download an infected file. Microsoft reminds us that in the first quarter of 2026, 78 % of email threats were link-based. Malicious payloads in attachments accounted for 19 % in January 2026, then 13 % in February and March.

This is an important shift. Antivirus software detects a suspicious file more easily than a login page that looks like that of a SaaS provider. The sectors most targeted according to the APWG in the first quarter of 2026 are precisely telecoms and SaaS/webmail, in other words services where one login opens many doors.

The scenarios that affect SMBs the most

In the cases we see on the agency side, phishing does not always arrive as a dramatic email. It often slips into a routine: invoice approval, file sharing, domain name renewal, mailbox-full alert, urgent request for access to an extranet.


Attacks against Microsoft 365 and Google Workspace are common because these suites centralize emails, documents, calendars, and sometimes third-party access. If you are hesitating between these environments, the security question must be integrated from the choice of the collaborative suite, not as an afterthought; this comparison Microsoft 365 or Google Workspace for a business already provides good functional benchmarks.

Old email inboxes are not spared. A poorly configured OVHcloud email service, a forgotten webmail or a recycled password can be enough to open a breach. For organizations that use the Roundcube interface, this guide on managing OVHcloud webmail helps to understand the environment before adding protections to it.

AI phishing also targets private areas. A client extranet, an HR portal, or a payroll space becomes a target if a fraudulent link captures a login. The design of a secure and high-performance extranet must therefore provide for authentication, permissions, and access logs from the outset.

  • False security alert asking to “re-validate” a Microsoft 365 or Google Workspace account.
  • Fake DocuSign, SharePoint, Dropbox, or Google Drive link leading to a copied login page.
  • Request to change an IBAN sent to the accounting department, with a credible tone and history of invoices.
  • QR code printed or sent by email, which bypasses part of link analysis.
  • Voice call imitating an IT service provider, followed by a booby-trapped confirmation email.

2026 figures: volumes, channels, and signals to remember

The figures provide a useful order of magnitude for budget decisions. Above all, they show that the threat is not marginal and that it is shifting toward links, cloud accounts, and human manipulation.

| Source | Period | Published finding | Reading for an SME |
|---|---|---|---|
| APWG | Q1 2026 | 971,181 phishing attacks, +13.8 % vs Q4 2025 | Clear increase in volume, need for repeatable procedures |
| Microsoft Threat Intelligence | January-March 2026 | Approximately 8.3 billion phishing threats detected by email | Email filters are essential, but not sufficient |
| Microsoft | Q1 2026 | 78 % of email threats based on links | Train on login pages and not just attachments |
| Microsoft | Q1 2026 | QR code phishing more than doubled over the quarter | Prohibit sensitive approvals via unverified QR code |
| Google/Mandiant M-Trends 2026 | Investigations 2025 | Voice phishing accounts for 11 % of the initial attack vectors observed | Provide out-of-band verification for urgent requests |

These data do not mean that every email is suspicious. They show that the email channel remains the dominant entry point, while voice and QR codes are gaining ground. The right reflex is therefore not to block activity, but to define what must never be approved based on a simple message.


Budget and timelines: how much does a realistic defense cost?

For a French SME, a solid first level of protection does not necessarily cost tens of thousands of euros. Honestly, with fewer than 20 employees, it is often better to start with proper account configuration, multifactor authentication, and short training, rather than with a complex tool that is poorly used.

Depending on the providers, expect around 1,500 to 4,000 euros before tax for a light audit of email, DNS, and best practices for a small organization: SPF, DKIM, and DMARC (mechanisms that prove an email really comes from your domain), administrator rights, forwarding rules, backups, and logs. A realistic timeline is one to three weeks if access is available.

Anti-phishing training often costs between 20 and 60 euros before tax per user per year for an awareness platform, sometimes more with customized campaigns. For a session led by an expert, budget instead from a few hundred to a few thousand euros depending on the number of teams and the level of realistic simulation.

On Microsoft 365, Google Workspace, Cloudflare, OVHcloud, or application hosting, security options already exist in part. The hidden cost comes from configuration. MFA (multifactor authentication, for example a mobile application in addition to the password) enabled without a recovery procedure can lock out an executive while traveling. Conversely, SMS-based MFA, which can be bypassed, protects sensitive access less effectively.

Web or mobile projects must integrate this risk from the design stage. A contact form, a customer area, or an internal application can become a foothold for fraudsters. If you handle personal data, the GDPR also requires reducing the risks of unauthorized access and documenting your security measures.

Protections that work, and their limits

Effective defense combines technology and procedure. A modern email filter stops some of the noise, but it will not always be able to judge whether “Can you approve this transfer before 4 p.m.?” is legitimate. Human oversight remains useful, provided it is framed properly.

DMARC in reject mode, SPF, and DKIM reduce spoofing of your domain. It is not glamorous, but it is one of the best cost/benefit ratios. Many companies still leave DMARC in observation-only mode, which only reports without blocking.
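The SPF and DMARC checks that a light audit of this kind runs can be scripted. The following is an added example, not code from the article or from any vendor it mentions: it parses the two TXT records as strings and flags the weaknesses the text describes, in particular DMARC left in observation-only mode (p=none) and an SPF record that lets any host send as the domain. The records, the example.com domain, and the severity labels are constructed for the example; in practice the strings would come from a DNS TXT lookup of the domain (SPF) and of _dmarc.<domain> (DMARC).

```python
"""Added example: flag SPF/DMARC weaknesses in records supplied as strings.
Sample records below are constructed; example.com is a placeholder domain."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    record: str    # "spf" or "dmarc"
    severity: str  # "high", "medium" or "low"
    message: str


def parse_tags(record: str) -> dict:
    """Split 'v=DMARC1; p=none; rua=mailto:x' into {'v': 'DMARC1', 'p': 'none', ...}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def evaluate_dmarc(record: str) -> list:
    """Return findings for a DMARC record; an empty list means p=reject with reporting."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return [Finding("dmarc", "high", "no valid DMARC record: receivers cannot police mail claiming this domain")]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append(Finding("dmarc", "high", "p=none: observation-only mode, spoofed mail is reported but still delivered"))
    elif policy == "quarantine":
        findings.append(Finding("dmarc", "medium", "p=quarantine: spoofed mail goes to spam instead of being rejected"))
    elif policy != "reject":
        findings.append(Finding("dmarc", "high", f"missing or unknown policy '{policy}'"))
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    if pct < 100:
        findings.append(Finding("dmarc", "medium", f"pct={pct}: policy applied to only {pct}% of failing mail"))
    # sp= covers subdomains; when absent it inherits p=, so only an explicit sp=none is flagged
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        findings.append(Finding("dmarc", "medium", "sp=none: subdomains stay unprotected and can be spoofed"))
    if "rua" not in tags:
        findings.append(Finding("dmarc", "low", "no rua= address: aggregate reports never arrive, so abuse stays invisible"))
    return findings


# Terms that cost a DNS lookup under SPF; receivers give up after 10 of them.
LOOKUP_TERM = re.compile(r"^[+\-~?]?(?:include|a|mx|ptr|exists)(?::|/|$)|^redirect=", re.I)


def evaluate_spf(record: str) -> list:
    """Return findings for an SPF record; an empty list means listed senders plus a hard fail."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [Finding("spf", "high", "no valid SPF record: receivers cannot tell which hosts may send as this domain")]
    findings = []
    # The 'all' mechanism decides what happens to senders not matched before it.
    all_terms = [t for t in terms[1:] if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append(Finding("spf", "medium", "no 'all' mechanism: unlisted senders get a neutral result instead of a fail"))
    else:
        qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append(Finding("spf", "high", "+all: any host on the internet may send as this domain"))
        elif qualifier == "?":
            findings.append(Finding("spf", "medium", "?all: unlisted senders are treated as neutral, not as a fail"))
        elif qualifier == "~":
            findings.append(Finding("spf", "low", "~all: softfail only, receivers may still deliver spoofed mail"))
    lookups = sum(1 for t in terms[1:] if LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(Finding("spf", "high", f"{lookups} DNS-lookup terms exceed the limit of 10, receivers return a permanent error"))
    return findings


def audit_domain(spf_record: str, dmarc_record: str) -> list:
    """Combine both checks for one domain."""
    return evaluate_spf(spf_record) + evaluate_dmarc(dmarc_record)


# Constructed records: the weak pair is what a never-finished setup often looks like,
# the strong pair is the target state the article describes (DMARC in reject mode).
WEAK_SPF = "v=spf1 include:_spf.example.net +all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_SPF = "v=spf1 include:spf.protection.outlook.com -all"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"

if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("strong", STRONG_SPF, STRONG_DMARC)):
        print(f"[{label}]")
        for f in audit_domain(spf, dmarc) or [Finding("-", "ok", "no weakness found")]:
            print(f"  {f.record:5} {f.severity:6} {f.message}")
```

The weak pair produces two high-severity findings (+all and p=none), the strong pair none; a p=quarantine or ~all record lands in between, which is why the script reports a severity rather than a simple pass/fail. It deliberately does not check DKIM, because DKIM correctness is a matter of the selector keys published for each sending service rather than a single record that can be read the same way.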

The second protection is organizational: any request to change an IBAN, make an urgent payment, add an administrator, or export data must be confirmed through a separate channel. A call to a number already known, not the one indicated in the email. Simple. Very effective.

The third layer concerns accounts. Implement MFA, limit administrators, monitor automatic email forwarding, and disable dormant accounts. Malware remains an additional risk; this summary on the main malware families to know helps distinguish phishing, ransomware, and spyware.

A case where the obvious solution is the wrong one: buying a sophisticated simulation platform without having corrected the DNS basics and access rights. You’ll get nice dashboard charts, but an attacker will still be able to spoof a neighboring domain or exploit an old account. With that budget, it is sometimes better to fund two days of technical hardening and a clear accounting procedure.


Finally, AI can also help defense. Detection tools analyze tone, the URL, the domain, the sender’s history, or behavioral anomalies. But be careful about the data sent to these tools: the use of ChatGPT, Claude, or other assistants must remain compliant with your internal rules and the European AI Act, a topic covered in this guide on AI compliance for SMBs.

How to decide what to do now

Start with the most exposed assets: email, administrator accounts, banking, CRM, hosting, SaaS tools. A half-day mapping exercise is often enough to reveal dangerous dependencies. Who can reset a password? Who approves a transfer? Who receives security alerts?

In the projects we carry out, we often see the same weakness: the company bought good tools, but no one formalized sensitive decisions. AI phishing exploits precisely these gray areas. A short process, known and tested, is better than a 40-page document no one ever reads.

Then set a realistic target level. For a very small business, this may be MFA everywhere, tested backups, configured DMARC, telephone verification of payments, and annual training. For an SMB with customer data, add monitoring, logging, quarterly access reviews, and a crisis scenario.

Framing this type of risk upstream avoids most unpleasant surprises: budget overruns, access lockouts, choosing a tool that is too cumbersome, or a false sense of security. An outside perspective is especially helpful for prioritizing, because not all protections are equal at the same stage of maturity.

FAQ on AI phishing

Can AI phishing really bypass two-factor authentication?

It can sometimes bypass it indirectly, for example by stealing a session cookie or by prompting the user to approve a fraudulent login. MFA remains useful, but it must be supplemented by login monitoring and validation rules.

How can you recognize an AI-generated phishing email?

Look less for mistakes than for inconsistencies: unusual urgency, a link to a similar but different domain, a request outside the usual procedure, an unexpected QR code, a change of IBAN. The best test remains verification through an already known channel.
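The “similar but different domain” inconsistency is one of the few that can be checked mechanically before a user ever clicks. The following is an added example, not code from the article: it pulls the links out of an HTML message and compares each link’s domain with a small allowlist of domains the company actually uses, flagging three patterns from the article’s scenarios: a lookalike spelling of a known domain, a known domain hidden as a subdomain label of an unrelated domain, and link text that shows one address while the link points to another. The allowlist, the sample message, and the naive “last two labels” domain split are constructed assumptions for the example; a production version would use the Public Suffix List so that domains such as example.co.uk are split correctly.

```python
"""Added example: flag lookalike and mismatched link domains in an email body.
The allowlist and the sample message are constructed for the example."""
import re
from urllib.parse import urlparse

# Constructed allowlist: registrable domains of services the company really uses.
KNOWN_DOMAINS = {"microsoft.com", "microsoftonline.com", "sharepoint.com", "docusign.com"}

LINK_RE = re.compile(r'<a\s+[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# Link text that itself looks like a hostname or URL, e.g. "login.microsoftonline.com"
HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)


def registrable_domain(host: str) -> str:
    """Naive registrable domain (last two labels); assumption, no Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch spellings such as micros0ft.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, known: set) -> str:
    """Return the known domain within two edits of `domain`, or '' if none."""
    for k in sorted(known):
        if domain != k and levenshtein(domain, k) <= 2:
            return k
    return ""


def embedded_known(host: str, known: set) -> str:
    """Return a known domain that appears inside `host` without being its parent,
    e.g. 'login.microsoftonline.com.verify-account.net'."""
    padded = "." + host.lower() + "."
    for k in sorted(known):
        if host != k and not host.endswith("." + k) and ("." + k + ".") in padded:
            return k
    return ""


def extract_links(html: str) -> list:
    """Return (text, href) pairs for every anchor in the message."""
    return [(re.sub(r"<[^>]+>", "", text).strip(), href) for href, text in LINK_RE.findall(html)]


def assess_links(html: str, known: set) -> list:
    """Return one {'href', 'reason'} dict per suspicious pattern found."""
    findings = []
    for text, href in extract_links(html):
        host = (urlparse(href).hostname or "").lower()
        domain = registrable_domain(host)
        reasons = []
        if domain not in known:  # trusted domains skip the spelling checks
            k = lookalike_of(domain, known)
            if k:
                reasons.append(f"{domain} is a lookalike of {k}")
            k = embedded_known(host, known)
            if k:
                reasons.append(f"{k} used as a subdomain label of {host}")
        m = HOST_RE.match(text)
        if m and registrable_domain(m.group(1)) != domain:
            reasons.append(f"link text shows {m.group(1)} but target is {host}")
        findings.extend({"href": href, "reason": r} for r in reasons)
    return findings


# Constructed sample: two fraudulent links in the style of an account re-validation lure,
# followed by a legitimate DocuSign link that must not be flagged.
SAMPLE_HTML = """
<p>Your account will be suspended. Please re-validate:</p>
<a href="https://login.microsoftonline.com.verify-account.net/auth">login.microsoftonline.com</a>
<a href="https://micros0ft.com/security/reset">Microsoft account security</a>
<p>Contract for signature:</p>
<a href="https://app.docusign.com/documents/123">Open in DocuSign</a>
"""

if __name__ == "__main__":
    for f in assess_links(SAMPLE_HTML, KNOWN_DOMAINS):
        print(f"{f['href']}\n    -> {f['reason']}")
```

Run against the sample, the first link yields two findings (a known domain buried in the hostname, and text that does not match the target) and the second one (the lookalike spelling), while the DocuSign link passes. Such a check belongs in a mail gateway or a shared reporting workflow, not on the user’s shoulders: the article’s point stands that the final decision on a payment or a password reset should go through a known channel regardless of what the link looks like.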

Should an SME buy a dedicated anti-phishing tool?

Not always at the outset. If MFA, SPF, DKIM, DMARC, backups, and payment procedures are not in place, start there. A dedicated tool becomes relevant once these basics are under control.

How long does it take to secure a business email system?

For a small organization, an initial cleanup often takes one to three weeks. More complex cases, with multiple domains, old accounts, and numerous SaaS tools, usually require a month or more.
