AI Is Now Driving 86% of Phishing Attacks — and Microsoft Is the Primary Target

New research from KnowBe4’s Phishing Threat Trends Report paints a clear picture of where the threat landscape is heading: phishing attacks increased by 17.1% in the first half of 2026, and 86% of them are now generated or enhanced using artificial intelligence. The scale and sophistication of what businesses are facing has shifted significantly — and Australian businesses running Microsoft 365 are squarely in the crosshairs.

For years, the standard advice was to look for the telltale signs of a phishing email: poor spelling, a suspicious sender address, a generic greeting. AI has made most of that advice obsolete. Attackers can now generate personalised, grammatically perfect messages at scale — tailored to the recipient, the organisation, and even the tools they use every day.

It’s No Longer Just Email

One of the most significant findings in the report is how far phishing has expanded beyond the inbox. Attackers are now using the same platforms your team relies on for legitimate work — and that’s precisely what makes them so effective.

The reverse proxy technique is particularly concerning. Rather than directing victims to a fake login page, the attacker sits between the user and the real Microsoft login — capturing not just the password, but the authentication session itself. That means standard multi-factor authentication won’t stop it.

Why Microsoft 365 Users Are the Primary Target

Microsoft 365 is the world’s most widely deployed business productivity platform — and that scale makes it the most valuable target. When attackers successfully harvest a Microsoft credential, they potentially gain access to email, SharePoint, Teams, OneDrive, and any connected third-party applications. A single compromised account can be used to launch further attacks against colleagues, access sensitive files, or impersonate the account holder to authorise financial transactions.

The report also found that finance, legal, and healthcare were the most commonly targeted industries — all sectors where Microsoft 365 is deeply embedded in daily operations, and where the consequences of a breach are most severe.

What You Can Do Now

The good news is that the right controls significantly reduce your exposure. These aren’t complex or expensive measures — but they do need to be in place before an incident, not after.

• 1

  Move beyond standard MFA

  SMS-based and app-based MFA can be intercepted by reverse proxy attacks. Phishing-resistant MFA — such as FIDO2 hardware keys or passkey-based authentication — stops stolen credentials from being usable even if they’re captured.

• 2

  Train your team on new attack surfaces

  Most security awareness training focuses on email. Employees also need to know how to spot suspicious Teams messages, unexpected calendar invites with external links, and requests to click or authenticate through unfamiliar channels.

• 3

  Review your Microsoft 365 configuration

  Many default Microsoft 365 settings leave room for abuse. External guest access, Teams federation, and calendar sharing permissions should all be reviewed to limit the attack surface available to an external threat actor.

• 4

  Add email security that understands AI-generated content

  Traditional email filters look for known malicious links and attachments. AI-generated phishing doesn’t rely on either — it relies on convincing language. Advanced email security tools, including those using AI themselves, are now better equipped to detect these threats before they reach your inbox.