Phishing Trends to Watch Out for in 2025

By Bruna Santos • February 18, 2025

Phishing attacks are becoming more sophisticated than ever in 2025, leveraging cutting-edge technology to deceive individuals and organizations. Here are the new and most prevalent trends to consider when defending against the number one cyber attack vector.

According to the 2024 Verizon DBIR and the Comcast Business Cybersecurity Threat Report, human involvement is a factor in 68% of breaches. Among those, 80-95% originate from phishing attacks. This makes phishing one of the most common methods attackers use to target organizations and individuals, driving them to continuously refine their tactics.
Some of the most significant trends this year include:


AI-Generated Phishing Emails

Cybercriminals are using artificial intelligence to craft personalized emails that mimic legitimate communications with alarming accuracy. By analyzing social media profiles and digital footprints, AI tools create convincing messages that seem to come from trusted contacts, making it harder for recipients to spot scams. 

Quishing:

Quishing involves the use of malicious QR codes in HTML emails and/or attachments. When scanned, these codes can lead to fraudulent websites designed to steal sensitive information or download malware onto devices. New variants include dynamic QR codes that change destinations after scanning, making detection even harder.


Credential phishing:

The majority of phishing campaigns aim to steal credentials, particularly targeting cloud-based services like Microsoft 365 and Google Workspace. These cyber attacks leverage realistic fake login pages and fake password recovery emails to deceive users.


Multi-channel phishing:

Attackers are increasingly exploiting platforms like Slack, Teams, and social media to reach the victim through different vectors, creating (false) proximity and trust. These complex phishing scams can even use phone calls or video conferences.


Headhunters phishing:

Involving multiple channels, this trend leverages job-seeking platforms and social tools to obtain sensitive information about the victim's current work.

Obviously, older and more traditional forms of phishing, such as Business Email Compromise, Government & Tax phishing, and Parcel Delivery scams continue to co-exist. 

How to Stay Protected:

  • Verify Before You Trust: Always verify unexpected emails or messages, especially those urging immediate action and those related to money, identity, and disclosure of important information.
  • Inspect QR Codes Carefully: Avoid scanning QR codes from unknown sources and check the URLs before proceeding.
  • Enable Multi-Factor Authentication: Add an extra layer of security to your accounts.
  • Stay Updated: Regularly update your software and keep up to date on the latest phishing tactics.
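
The "check the URLs before proceeding" advice for QR codes can be automated in a mail-triage step. The following is an added example, not part of the original article: it flags a URL already decoded from a QR code. The redirector list, the brand allowlist, and the sample URLs are illustrative assumptions constructed for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Illustrative assumptions, not exhaustive or authoritative lists.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
BRAND_DOMAINS = {
    "microsoft": ("microsoft.com", "microsoftonline.com", "office.com"),
    "google": ("google.com",),
}

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage_qr_url(url):
    """Return the reasons a URL decoded from a QR code needs a closer look."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username is not None:
        findings.append("userinfo-in-url")  # text before '@' is not the host
    if _is_ip(host):
        findings.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")
    if host in SHORTENERS:
        findings.append("redirector")  # destination can change after delivery
    for brand, domains in BRAND_DOMAINS.items():
        owned = any(host == d or host.endswith("." + d) for d in domains)
        if brand in host and not owned:
            findings.append("brand-lookalike:" + brand)
    return findings

# Constructed sample URLs, as if decoded from QR codes in inbound mail.
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://microsoft-login.example.net/reset",
    "http://192.0.2.10/invoice",
    "https://bit.ly/placeholder",
    "https://accounts.google.com@example.org/signin",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", triage_qr_url(u) or ["no-findings"])
```

An empty result only means none of these heuristics fired; it does not establish that the destination is safe.
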
Phishing threats are evolving, but by staying informed and vigilant, we can protect ourselves and our organizations from these digital dangers.

 
