The Growing Threat of Phishing and Brand Impersonation


AI-generated phishing has become the default, and brand impersonation has emerged as the dominant fraud method; these are the two headline findings from Kaseya’s 2026 cybersecurity report.

There has been a significant rise in AI-enabled cyber-crime campaigns, the report found. Gen-AI has enabled cyber-criminals to refine their tactics, shifting from mass volume operations to carefully constructed, personalised attacks that reduce people’s ability to recognise threats. 

26% of cyber-crime complaints filed with the FBI were phishing-related, with losses significantly increasing from $18.7 billion to $70 billion per year in 2025.

Business Email Compromise Attacks 

Business Email Compromise (BEC) attacks have become low-risk, high-reward methods compared to ransomware and data theft, with the average loss per successful BEC incident totalling $129,193. 

BEC attacks often impersonate company executives or suppliers, with emails suggesting that old accounts have been compromised and urging communication through a new account. Attackers attempt to build rapport before demanding bank transfers, invoice payments or suggesting payroll changes – all under the guise of being a known colleague or associate. 

While large corporate organisations account for most cyber-crime headlines, SMEs are disproportionately affected by cyber-crime. For an SME, a single successful BEC attack can threaten survival.

SMEs are also easier targets for criminals, often lacking strong cybersecurity measures, relying on outdated systems and infrastructure, and depending on third-party suppliers, all of which increase vulnerability to BEC attacks.

Shockingly, Kaseya reported that 60% of small businesses close within six months of a cyber-attack.  

Organisations must prioritise training staff to detect and prevent these attacks before they cause significant damage.  

Brand Impersonation Attacks

Attackers are using AI to refine communication and impersonation techniques. According to the Kaseya report, “If phishing is the leading cyber-crime category, brand impersonation is its most effective delivery mechanism.”

The report found 6,688,601 brand impersonation emails were detected in the second half of 2025 alone. 

Cyber-criminals are strategically impersonating organisations that are perceived to have high levels of trust, and that can be embedded into business and personal daily workflows. 

Impersonated brands include financial institutions and government authorities. In some instances, co-branded campaigns or ‘multi-layered impersonation’ tactics were used to increase the likelihood of recipient trust.

While this type of attack is not new, its effectiveness has increased significantly with the use of AI. Cyber-criminals’ ability to replicate brand images, font, text and tone of voice has increased drastically through AI.

Attacks have become more complex, often omitting elements that recipients have learned to treat as malicious, such as links or attachments. Instead, criminals have pivoted to providing phone numbers that lead to voice phishing attacks when recipients call them, requesting replies, including QR codes, or directing users to verify details via secondary channels – all as methods of gaining access to users’ sensitive information.




While technology and financial companies remain the most heavily targeted sectors, the landscape is changing. Attackers are now increasingly posing as retail brands (impersonating shipment notifications), telecommunications (impersonating account alerts), logistics (impersonating delivery failures), and professional services platforms. 

These sectors have been carefully selected to align with everyday consumer behaviours. 

The top three impersonated brands in 2025, according to the Kaseya report, were Microsoft, Docusign and Amazon – platforms that most internet users will already engage with. Together, these three organisations accounted for 76.8% of brand impersonation attacks.

Recognition of the brand, familiar workflows, perceived urgency and contextual relevance are key drivers for attackers. The successful integration of these components is convincingly disarming recipients, enabling account takeovers that lead to data theft or financial fraud. 

Attackers are using this as a “psychological lever” to drive financially motivated attacks. 

These findings show how cyber-attacks are evolving. AI has enabled attackers to gain credibility, personalise their efforts and integrate seamlessly in daily life. In 2026, researchers expect the continued use of automation to launch targeted attacks that remain undetected.




