AI phishing and deepfakes make business fraud more believable, faster, and harder to spot. Management, accounting, executive assistants, sales teams, and IT administrators are especially exposed because payments, access rights, and approvals converge in those roles. Protection does not come from fear-based communication, but from practical verification routines, defined approval paths, technical safeguards, and trained habits.
Why does AI phishing now affect management and accounting teams so directly?
For years, many phishing emails were easy to identify. Poor grammar, strange formatting, wrong logos, suspicious sender addresses, and generic wording were common red flags. That has changed. Generative AI can produce emails that sound like normal business communication. It can imitate tone, industry terminology, job roles, vendor relationships, and internal workflows.
Bring practical AI insight into your business routine
The KrambergAI AI Practice Briefing provides compact insights, practical use cases and relevant perspectives for companies that want to use AI in a structured and realistic way.
Curated pragmatically · Written for business practice · Made in Germany
This matters especially for mid-sized companies because many business decisions still rely on trust. The managing director contacts accounting. Sales sends a changed customer detail. An assistant coordinates a confidential appointment. An IT administrator receives what looks like a Microsoft security request. These ordinary situations are exactly what attackers exploit.
The attack often starts with research rather than malware. Criminals review websites, LinkedIn profiles, job postings, commercial register data, press releases, and email signatures. From that information, they build a message that does not look like mass phishing. It looks like a normal business request.
Axios reported in June 2026, based on Huntress data, that device-code phishing increased by 1,380 percent in the first four months of 2026 compared with the second half of 2025. The important point is not only that phishing texts are better. Entire attack workflows are becoming more automated. Source: https://www.axios.com/2026/06/23/ai-automation-phishing-emails-hackers
Which attack scenarios are realistic for mid-sized businesses?
A realistic attack against accounting rarely starts with a dramatic message. More often, the email is calm and businesslike. A supposed vendor reports a change of bank details. An invoice is resent. A project lead asks for a payment to be processed quickly because a delivery is at risk. The email may even contain correct project details because attackers obtained them from older emails, public references, or a compromised mailbox.
CEO fraud adds more pressure. A message appears to come from the managing director or owner. The tone is confidential. The request is unusual, but not impossible: “Please handle this today, I am going into a meeting.” With AI, this may go beyond email. A short voice call can follow. The voice sounds familiar. That is the real risk: people stop verifying because they believe they recognized the person.
In sales, the scenario looks different. A supposed customer sends an inquiry, asks the team to access a portal, or shares a link to tender documents. The link may lead to a fake Microsoft login page, or it may abuse a legitimate Microsoft flow through device-code phishing.
For IT administrators, the risk is even more severe. If an administrator account is compromised, the incident may no longer concern a single invoice. Mailboxes, Teams, SharePoint, OneDrive, calendars, forwarding rules, internal data, and customer communication may be affected.
Microsoft reported in May 2026 that a multi-stage phishing campaign targeted more than 35,000 users across more than 13,000 organizations in 26 countries. Source: https://www.microsoft.com/en-us/security/blog/2026/05/04/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise/
Why can MFA still be bypassed?
Many companies believe multi-factor authentication solves the issue. MFA is important, but it is not a complete answer. Modern attacks do not always try to steal a password. They may trick users into approving legitimate prompts, entering device codes, or granting access to an application.
Device-code phishing is a strong example. The user may not land on a fake website at all. Instead, the user enters a code on a real Microsoft page. From the user’s perspective, the process appears trustworthy because the domain, login screen, and interface are genuine. In the background, the attacker gains access to the account or obtains tokens that can be reused later.
Adversary-in-the-middle attacks are also relevant. In this model, attacker-controlled infrastructure sits between the user and the real login service. The user signs in, approves MFA, and the attacker captures session tokens. That means passwords are only part of the problem. Sessions, permissions, tokens, and app consent are just as important.
For mid-sized companies, the practical conclusion is direct: MFA remains mandatory, but organizations should move toward phishing-resistant authentication, Conditional Access, device compliance, restricted app consent, and continuous review of unusual sign-in behavior.
How do traditional phishing emails differ from AI-enabled attacks?
| Feature | Traditional phishing | AI-enabled phishing and deepfake fraud |
|---|---|---|
| Language | Often generic, awkward, or error-prone | Industry-specific, personal, context-aware |
| Targeting | Broad distribution | Management, accounting, assistants, sales, IT |
| Pressure tactic | Account lock, package notice, overdue payment | Project delay, confidential payment, executive instruction |
| Deception method | Link, attachment, fake login page | Email, voice, video, legitimate login flows, tokens |
| Detection | Often possible through visible mistakes | Requires process verification and trusted callback paths |
| Potential impact | Credentials, malware, individual accounts | Payments, Microsoft 365 compromise, data loss, reputation damage |
The comparison shows that the biggest change is not that every attack is entirely new. The bigger issue is that attacks now look more like normal work. That is why training material from 2020 is no longer enough.
Which warning signs should accounting teams take seriously?
Accounting is a primary target because payments, master data, approvals, and vendor records come together there. Warning signs are not always technical. Often, they are deviations from the normal business process.
A new bank account shortly before payment is due should trigger verification. So should unusual urgency, a request for confidentiality, or an instruction that bypasses the normal approval path. Even a perfectly written email should be treated with caution if it asks for an exception.
The most useful rule is simple: verify the transaction, not the person. That reduces social pressure. If a payment is unusual, a second channel must be used. Not by replying to the email. Not by calling a phone number included in the message. Verification should use contact details already stored in the ERP, CRM, or vendor master data.
For vendor master data, one rule should be non-negotiable: bank account changes are not accepted by email alone. They require a separate verification path, documented approval, and preferably a waiting period or additional confirmation for high-risk amounts.
How serious are voice cloning and deepfake calls?
Voice cloning is dangerous because voice creates trust. A short call may be enough to make an email feel authentic. The attacker does not need to hold a long conversation. Sometimes one sentence is enough: “I just sent you something. Please process it quickly.”
Recent research on deepfake incidents from 2022 to 2026 shows that observed harms are particularly concentrated in voice-clone scams, financial fraud, and emotional manipulation. The practical damage does not only come from public deepfake videos. It often comes from direct deception in specific decision situations. Source: https://arxiv.org/abs/2605.12075
In mid-sized companies, this may affect the owner, managing director, CFO, executive assistant, or accounting team. The more visible a person is online, the easier it becomes to collect source material for voice or video imitation. Presentations, podcasts, webinars, social media clips, and trade fair recordings can all be useful to attackers.
The answer is not to disappear from public communication. Companies need verification routines. Critical actions must not be confirmed by voice, video, or chat alone. They require known callback numbers, internal code words for exceptional cases, defined approval levels, and a culture in which verification is treated as professional behavior.
What role does Microsoft 365 play in modern phishing attacks?
Microsoft 365 is the central work platform for many mid-sized companies. It holds email, calendars, documents, Teams chats, SharePoint libraries, and often approval workflows. That makes a compromised Microsoft account especially valuable.
Attackers are not only looking for passwords. They want mailbox access, forwarding rules, contacts, internal communication, and files. A compromised account can be used to send highly believable emails to customers, vendors, and colleagues. The attack then moves from outside the company to inside trusted communication.
Particularly risky areas include app permissions, old devices, weak administrator accounts, missing Conditional Access rules, and broad sharing permissions. Companies should regularly review which applications have access to Microsoft 365, which mailbox rules are active, and which accounts show unusual sign-in patterns.
For management and accounting, the key lesson is not to understand every technical detail. The important point is this: a real Microsoft login does not automatically mean the action is safe. The relevant question is whether the action was expected, plausible, and approved through the intended business process.
Which practical verification routines work without heavy bureaucracy?
Mid-sized companies need rules that people can follow during a busy workday. If security processes are too complex, teams will bypass them. Good rules are short, repeatable, and aligned with existing workflows.
Payments should have thresholds. Above a defined amount, a single email is not enough. A new bank account always requires a second channel. Unusual urgency pauses the process. Confidential special payments require documented approval by a second authorized person.
For IT access, the rule should be equally practical: do not enter codes from emails or chats unless you initiated the process yourself. Do not approve app access if the purpose and origin are not known. Administrator accounts should be separated from regular work accounts. Critical roles should use stronger authentication and more restrictive access conditions.
For assistants and sales teams, links to portals, tenders, file shares, and contract documents deserve special attention. This is especially true when the sender creates pressure or asks the recipient to move to an unfamiliar channel.
How should companies rethink security training?
Security awareness should not feel like an annual compliance exercise. People who process invoices, manage customer inquiries, or coordinate executive communication need examples from their actual work. An accounting employee faces different risks than a field technician. A sales representative has different contact points than an IT administrator.
Effective training uses realistic business scenarios. For a skilled trades company, this may be a fake supplier invoice. For a technical service provider, it may be a new project document. For a security services company, it may be a last-minute assignment with a link to an operations plan. For a manufacturer, it may be a supposed customer inquiry with an NDA and download link.
The response path matters as much as the warning signs. Employees need to know where to report suspicious messages. Internal reporting should be easy. A person who reports uncertainty should not fear embarrassment. Many losses do not happen because of the first click. They happen because nobody reacts quickly enough afterward.
Which technical safeguards are worth prioritizing?
Technology cannot replace human verification, but it can make attacks much harder. Useful measures include phishing-resistant MFA, Conditional Access, device compliance, restricted app consent, hardened administrator accounts, monitoring for unusual logins, and detection of suspicious forwarding rules.
Email security still matters. SPF, DKIM, and DMARC should be properly configured. Incoming mail should be checked for spoofing, suspicious attachments, rewritten links, and known campaigns. Still, companies should not rely on filters alone. CEO fraud often contains no malware. A well-written email can be technically clean and still be fraudulent.
For Microsoft 365, companies should pay special attention to tokens, OAuth consent, and mailbox rules. User consent to applications should be limited. Admin approval should be required for sensitive permissions. Older protocols and unnecessary external sharing should be reduced.
Why is this a management risk rather than only an IT issue?
Cyber incidents do not only affect systems. They affect liquidity, delivery capability, customer trust, and management accountability. If a fake payment instruction is executed, that is not merely a technical incident. It is a business process failure with financial consequences.
The Allianz Risk Barometer 2026 ranked cyber incidents as the top global business risk for the fifth consecutive year, with 42 percent of responses naming cyber incidents. Source: https://commercial.allianz.com/news-and-insights/news/allianz-risk-barometer-2026.html
For management teams in mid-sized companies, the question is not whether every technical detail is understood. The question is whether critical processes are resilient enough. Who may approve payments? Who may change vendor master data? Who approves app access? Who checks suspicious logins? Who makes decisions during an incident?
The strongest protection is often not spectacular. It consists of responsibilities, documented approvals, trusted callback paths, technical hardening, and regular practice.
Anchor AI strategically in your business
The KrambergAI AI Strategy helps companies define goals, identify relevant use cases, set priorities and develop a realistic roadmap for structured AI adoption.
Strategic guidance · Practical prioritization · Made in Germany
What is a pragmatic starting point?
The starting point is to identify the most critical processes. Companies should first review where money, identity, and access come together. These areas usually include payment approvals, vendor master data, Microsoft 365 accounts, administrator roles, external file sharing, and executive communication.
Then comes a short risk review. Which roles can trigger payments? Which people are publicly visible through voice or video? Which accounts have broad permissions? Which approvals still run by email? Which exceptions are commonly accepted?
From that review, a small number of binding rules should follow. No bank data change without a second channel. No payment outside defined approval paths. No app consent without review. No device code entry after an unexpected request. No confidential special payment based only on email, chat, voice, or video.
This turns AI security into a practical business topic. It protects accounting, management, sales, executive assistance, and IT administration without turning daily work into a security maze.
Which statistics were used?
- Device-code phishing increased by 1,380 percent in the first four months of 2026 compared with the second half of 2025.
Source: Axios, https://www.axios.com/2026/06/23/ai-automation-phishing-emails-hackers - Microsoft observed a campaign targeting more than 35,000 users across more than 13,000 organizations in 26 countries.
Source: Microsoft, https://www.microsoft.com/en-us/security/blog/2026/05/04/breaking-the-code-multi-stage-code-of-conduct-phishing-campaign-leads-to-aitm-token-compromise/ - Research on deepfake incidents from 2022 to 2026 identifies voice-clone scams, financial fraud, and emotional manipulation as central observed harm areas.
Source: arXiv, https://arxiv.org/abs/2605.12075 - The Allianz Risk Barometer 2026 ranks cyber incidents as the top global business risk, with 42 percent of responses.
Source: Allianz, https://commercial.allianz.com/news-and-insights/news/allianz-risk-barometer-2026.html
Further reading
- BSI: Deepfakes – risks and countermeasures
https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Kuenstliche-Intelligenz/Deepfakes/deepfakes_node.html - Microsoft Security: Inside an AI-enabled device code phishing campaign
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/ - ENISA Threat Landscape 2025
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025
How can companies recognize AI phishing?
AI phishing is rarely identified by spelling mistakes alone. More reliable warning signs are deviations from normal workflows: unusual urgency, changed bank details, confidential special requests, unexpected Microsoft codes, new portal links, or instructions outside defined approval paths. The key question is whether message, process, channel, and timing make sense together.
What is AI-enabled CEO fraud?
AI-enabled CEO fraud is a scam in which attackers impersonate executives using email, chat, voice, or video. The goal is usually a payment, data disclosure, or access approval. The attack becomes dangerous when preparation, confidential tone, and artificial time pressure are combined in a believable business situation.
Why is accounting especially exposed?
Accounting handles invoices, bank details, payment approvals, and vendor master data. These processes are financially valuable to attackers. If a fake email requests a changed bank account or urgent payment, a single mistake can cause direct loss. That is why accounting teams need defined verification routines.
Can MFA be bypassed by phishing?
Yes. Some attacks can bypass or abuse MFA. In device-code phishing or token theft, the user may not hand a password to a fake page. Instead, the user approves a legitimate-looking process prepared by the attacker. That is why phishing-resistant authentication and access policies matter.
How can companies protect against voice cloning?
Protection against voice cloning requires trusted callback paths, internal code words for exceptional cases, and approvals through known channels. A voice should never be enough to authorize payments, master data changes, or confidential actions. Critical decisions should be confirmed through stored contact details and a second authorized person.
What role does Microsoft 365 play in AI phishing?
Microsoft 365 is attractive because email, files, calendars, Teams communication, and permissions converge there. Attackers try to take over accounts, tokens, or app permissions. Companies should regularly review application consent, forwarding rules, administrator accounts, sign-in behavior, and Conditional Access policies.
Which immediate actions are useful for mid-sized companies?
Useful immediate actions include defined payment approvals, callback requirements for changed bank details, phishing-resistant MFA for critical roles, restricted app consent, separate administrator accounts, and short training sessions with realistic examples. A simple internal reporting path is also essential for fast response.
What should AI phishing training include?
Effective training should use examples from daily work. Accounting, executive assistance, sales, management, and IT need different scenarios. Training should cover not only warning signs but also response steps: do not reply, do not click, do not approve, verify through trusted channels, and report internally.
What should a company do after an employee falls for phishing?
Speed matters. The affected account should be locked or reset. Sessions and tokens should be revoked, forwarding rules checked, and suspicious app permissions removed. Payment workflows, affected communication partners, and possible data exposure should also be reviewed. Blame slows down response.
Why is AI security a management responsibility?
Management is responsible for processes, payment approvals, risk management, and business continuity. AI phishing and deepfakes target decisions with financial impact. That is why the issue cannot be delegated to IT alone. Management, accounting, and IT need shared verification and escalation routines.

