AI-Enabled Phishing Attacks Against APAC Enterprises Up 340% in 2025 — Deepfakes Used in 18% of BEC Attempts

Palo Alto Networks Unit 42 threat intelligence research documents a 340% increase in AI-enabled phishing and social engineering attacks targeting APAC enterprises in 2025. The research identifies AI-generated content as a core attack enabler: attackers are using large language models to generate grammatically perfect, culturally contextualised phishing content in APAC languages (Mandarin, Japanese, Korean, Bahasa, Thai), eliminating the language errors that previously enabled detection. Most significantly, AI-generated deepfake video and audio content was used in 18% of documented business email compromise (BEC) attempts — with attackers simulating CFO or CEO voices and video to authorise fraudulent payment transfers.

For APAC enterprise security teams, the research underscores the insufficiency of traditional email security (spam filters, domain reputation checks) against AI-enabled social engineering. AI-generated content passes most traditional content quality checks; deepfake audio and video BEC bypasses human verification. The report recommends deployment of AI-powered email security platforms (including Microsoft Defender for Office 365, Proofpoint, and Abnormal Security) that use ML to detect anomalous sender behaviour rather than content patterns. APAC enterprises should also implement multi-channel payment verification protocols — no payment instruction communicated via a single channel (email alone, video call alone) should be executable without cross-channel confirmation through a trusted secondary channel.