Sophisticated Phishing: How AI Applications are Targeting Accountants

Phishing exploits the natural human tendency to trust familiar contacts, and it remains one of the most common forms of social engineering attacks targeting accounting professionals today. By creating a false sense of urgency, cyber criminals pressure targets into acting on a fraudulent request without verification.
While phishing is a well-known tactic, it’s far from becoming a thing of the past. In fact, in 2025, Practice Protect noted a distinct evolution into a more sophisticated and effective approach. Criminal preparation for attacks that once took weeks can now be done in hours. This has been driven by artificial intelligence (AI) and machine learning that seamlessly fill knowledge and skill gaps for threat actors.
Just like accountants are using AI tools to improve their workflows and drive efficiencies, so too are cyber criminals.
AI technologies like Generative AI (GenAI) and Large Language Models (LLMs) now allow attackers to craft hyper-personalised messages that exploit psychological triggers, such as urgency, trust, and authority—prompting impulsive responses from their targets.
These developments now allow criminals to execute convincingly authentic attacks at scale—exacerbating the scope, severity, and frequency of sophisticated phishing attacks.
Sophisticated Phishing: Growth in Numbers
- AI-generated phishing messages achieved a 54% click-through rate, compared to just 12% for human-written emails [1]
- 43% of Australian businesses faced AI-powered attacks in 2024 [2]
- 55% of APAC organisations are unprepared for AI-powered attacks [3]
- Business Email Compromise cost Australian businesses $79M in 2023 [4]
55% of organisations in the APAC region, which comprises 54% Australians, are unprepared for AI-powered attacks, according to the 2024 State of AI Cybersecurity Report. Moreover, 89% expect these threats to persist, while 78% cited significant operational impacts [5].
Business Email Compromise (BEC) fraud illustrates the rise in AI-driven phishing. BEC scams cost Australian businesses over AUD 79 million in the 2022-2023 financial year, with an average financial loss of over $39,000 per incident [4].
BEC fraud wasn’t just another cyber threat; it ranked as the second most-reported cybercrime for businesses to law enforcement in 2024 [5].
And the trend didn’t slow down.
False billing or ‘payment redirection’, which is a common form of BEC, continued to dominate scam reports to Scamwatch in 2024. In the same year, small businesses remained heavily impacted, recording more scam incidents, more reports involving losses, and higher total losses than medium and large businesses [6].
These developments emphasize the urgent need for accounting professionals to strengthen their cyber security strategies and adopt proactive measures to defend against sophisticated phishing attacks.
What is Sophisticated Phishing?
AI has removed the limitations that once made phishing attacks easy to spot. The once-obvious red flags, like grammatical errors or awkward phrasing that were almost a giveaway, are now far less common.
Sophisticated phishing is when cyber criminals leverage AI tools like Generative AI and Large Language Models (LLMs) to drive more convincing deception strategies.
These AI tools enhance sophisticated phishing attacks by analyzing social media, public records, and past data leaks to build detailed profiles of potential victims. Attackers can then generate hyper-personalised messages that appear native to the recipient’s communication style, closing the gap for logical reasoning in response to urgent, fraudulent demands.
AI-driven attacks even extend beyond email messaging-based scams. With just brief audio samples, attackers can clone voices and generate deepfake videos to impersonate trusted individuals, further blurring the lines between genuine communication and deception. This scalability allows cybercriminals to launch multiple campaigns simultaneously, increasing their reach and success rate.
Tax Season Deadlines as a Common Target
The financial services sector is particularly vulnerable to sophisticated phishing and AI-enhanced scams. The industry experienced the fourth-highest number of phishing incidents in 2024 [8].
Sophisticated phishing campaigns exploit high-pressure scenarios for accountants. Increased workload and urgency during these moments in accounting environments can compromise usual security protocols. This makes it easier for attackers to manipulate workflows and exploit vulnerabilities, ultimately increasing the risk of successful phishing attacks.
Common targets might look like this:
- End-of-quarter deadlines: When accounting teams are under intense pressure to close financial reports quickly, staff may overlook verification steps in the rush to meet deadlines.
- Urgent client requests: When clients send last-minute payments or data requests, accountants can be compelled to act immediately, often bypassing proper verification procedures.
- Tax season pressures: During the busy tax filing period, the urgency to finalize returns and financial statements can lead to reduced scrutiny, creating opportunities for attackers to slip in fraudulent communications.
What it Means for Accounting Professionals
As stewards of sensitive financial data, accountants are on the frontline of cyber risk, and AI has made thwarting these risks harder through sophisticated social engineering attacks that thrive on urgency and fear.
AI-driven phishing and Business Email Compromise (BEC) fraud, which use AI to imitate emails from corporate partners and managers and deceive employees into authorizing large fund transfers, have resulted in significant financial losses across APAC. In 2023, Australia ranked among the top 10 countries targeted by phishing campaigns [9].
Broader Impact of Sophisticated Phishing Techniques on Accountants
Phishing scams surged from 13,120 cases in 2020 to 39,587 cases in 2023, with the finance sector experiencing both the highest number of phishing attempts and the largest year-over-year increase. In fact, attacks rose by 393% in 2024 compared to the previous year, according to Australian Competition and Consumer Commission reports.
AI-enhanced scam incidents highlight the far-reaching impact of sophisticated phishing for accountants, which can result in:
- Financial Losses: Direct costs from unauthorized transfers and indirect costs tied to operational downtime and recovery.
- Reputational Damage: Loss of client trust and negative media exposure that can harm your firm’s future growth opportunities.
- Operational Disruptions: Internal resources redirected toward investigations, client notifications, and system restoration.
- Legal and Compliance Risks: Greater regulatory scrutiny under Australia’s Cyber Security Act 2024, with potential fines and penalties for failing to protect sensitive data.
- Loss of Competitive Edge: Exposure of proprietary data that could weaken a firm’s strategic position.
For accountants and financial professionals, the figures highlight the urgent need for enhanced, multi-layered cybersecurity measures and improved verification processes to stay ahead of AI-driven threats.
AI-Powered Phishing: Steps Accounting Professionals Can Take to Counter It
In a time where AI-powered phishing is increasingly effective, taking a proactive stance is crucial. Here are targeted measures to reduce your firm’s vulnerability:
1. Enable Multi-Factor Authentication (MFA)
Accounting platforms, email systems, and tax or client portals are prime targets for identity theft. A second verification step, whether it’s a token, authenticator app, or biometric scan, significantly reduces the risk of unauthorised access to confidential financial data even when credentials are compromised. This quick step can prevent potential breaches that may otherwise cost your firm hundreds of thousands in damages.
2. Invest in AI-Powered Email Security Tools
Phishing emails targeting accountants often impersonate clients and known entities or imitate payment requests and instructions or tax-related inquiries with hyper-personalised messaging that traditional filters often miss. AI-powered email security tools flag and detect these advanced scams by identifying suspicious behaviors, such as unusual sender patterns, unexpected file attachments, or subtle language shifts. In fact, businesses that implemented AI-based threat detection identified breaches 28 days faster, according to IBM’s 2023 report, buying critical time to mitigate potential damage.
3. Conduct Regular Employee Training
Even the best technology is only as effective as its users, especially with humans deemed the weakest link in cyber security. Sophisticated phishing has a higher success rate due to its tailored nature, and training can reduce that risk by helping teams quickly recognise urgent requests for payment, unexpected wire transfer instructions, or last-minute changes to bank account details, even if they appear to come from trusted clients or colleagues. KnowBe4 research indicates that without such training, employees’ phish-prone percentages can reach 33.1%.
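The payment-redirection signals named in steps 2 and 3 above (a familiar name on an unfamiliar address, a request to change bank details, urgency) can be checked with simple rules before anyone acts on a message. This is an added example, not code from Practice Protect or any commercial email security tool; the contact list, the 0.85 similarity threshold, the reason labels and the sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
# Constructed allow-list: display name -> address the firm has on file.
KNOWN_CONTACTS = {"jane doe": "jane.doe@client.example"}
BANK = re.compile(r"\b(bank|account|bsb|payment) details\b", re.I)
CHANGE = re.compile(r"\b(new|updated?|changed?)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|asap|today|overdue)\b", re.I)

def score_message(raw):
    """Return the reasons a message needs out-of-band verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    # Familiar display name on an address that is not the one on file.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        exp_domain = expected.rpartition("@")[2]
        close = SequenceMatcher(None, domain, exp_domain).ratio() >= 0.85
        if domain != exp_domain and close:
            reasons.append("lookalike-domain")
        else:
            reasons.append("known-name-unknown-address")
    # Replies would go to a different domain than the visible sender.
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        reasons.append("reply-to-mismatch")
    # Assumes a single-part plain-text message; multipart bodies are skipped.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    if BANK.search(text) and CHANGE.search(text):
        reasons.append("bank-detail-change")
        if URGENCY.search(text):
            reasons.append("urgency-with-payment-change")
    return reasons

# Constructed sample messages, not real traffic.
SAMPLE_SPOOF = """From: Jane Doe <jane.doe@cllent.example>
Reply-To: accounts@mailbox.example
Subject: Urgent: updated bank details for invoice 1042

Please use our new account details for today's payment.
"""
SAMPLE_GENUINE = """From: Jane Doe <jane.doe@client.example>
Subject: Q3 statements

Attached are the Q3 statements we discussed.
"""
```

Any non-empty result is a cue to confirm the request through a channel other than the email itself, such as a phone number already on file.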
4. Implement a Zero Trust Model
Accounting professionals often manage financial records across multiple systems, increasing the risk of unauthorised access. Adopting a ‘Zero Trust’ framework ensures that no user or device is trusted by default and every access request is verified regardless of origin. By requiring continuous authentication for every access attempt, especially for accounting and tax software, document management systems, and payroll portals, you can reduce the risk of compromised credentials resulting in fraudulent transactions.
5. Enhance Data Privacy Measures
Accounting firms routinely share employee contact details, leadership profiles, and client references across various channels. Limiting the publicly available, personally identifiable information about your team reduces the data attackers can exploit to craft convincing phishing attempts. Regularly review and restrict access to employee details on websites, social media, and public directories or databases to minimize exposure.
Securing Your Firm in the Era of Sophisticated Phishing
The prevalence of AI-powered phishing demands a proactive and multi-layered approach to cyber security, especially for accountants managing their clients’ sensitive data.
With AI, phishing attacks are harder to detect, and the ability to craft hyper-personalised attacks that mimic trusted sources, from colleagues and clients to third-party service providers, with convincing accuracy makes even the most cautious professionals vulnerable.
The scale, precision, and psychological manipulation behind these attacks are evolving rapidly, posing heightened risks to accounting practices in 2025 and beyond.
Without proactive security measures, firms face severe consequences, from financial losses and reputational damage to operational disruptions and regulatory penalties under Australia’s Cyber Security Act 2024.
Defending against these threats requires decisive action and multi-level protection.
Book a security consultation with Practice Protect to assess your firm’s vulnerabilities and equip your firm with the right platform and strategies to counter AI-driven phishing attacks.
Sources:
1 Global Threat Report, CrowdStrike, 2025
2 Simplifying IT in the fast lane of change, JumpCloud, 2024
3 State of AI Cybersecurity Report, Darktrace, 2024
4 Annual Cyber Threat Report, Australian Cyber Security Centre, 2023
5 Annual Cyber Threat Report, Australian Cyber Security Centre, 2024
7 State of AI Cybersecurity Report, Darktrace, 2024