Tuesday, May 6, 2025
HomeCyber AIPhishing Attacks Rise By 58% As The Attackers Leverage AI Tools

Phishing Attacks Rise By 58% As The Attackers Leverage AI Tools

Published on

SIEM as a Service

Follow Us on Google News

AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create refined, individualized campaigns.

Protecting data and systems from this democratization of phishing abilities gives a new challenge for the defenders.

Zscaler’s Phishing Report 2024 is based on an analysis of more than 2 billion phishing reports that occurred in 2023 and provides insights into future trends, current campaigns, prime targets within various regions/industries/brands as well as threat actors using AI.

- Advertisement - Google News

This report demonstrates the need for constant alertness and zero trust security against an evolving phishing landscape, with examples reflecting how AI is now being used to enhance such activities.

Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot

Phishing surged 58.2% in 2023 as threat actors leveraged AI for sophisticated social engineering like voice/deepfake phishing.

Adversary-in-the-middle and emerging browser-in-the-browser attacks persisted. 

The top targeted countries were:-

  • US
  • UK
  • India
  • Canada
  • Germany
Top targeted countries (Source – Zscaler)

Besides this, Finance and insurance faced 27.8% of attacks (a 393% year-over-year increase), the highest percentage across industries.

Industries targeted most (Source – Zscaler)

While Microsoft remained the most impersonated brand at 43.1% of phishing attempts. AI amplified reach and deception of phishing campaigns across multiple vectors.

However, there is a swap since, as it increases productivity, generative AI also serves as a two-edged sword by enabling even inexperienced threat actors to become the skilled social engineers that they are.

AI performs reconnaissance tasks automatically, personalizes email and communications to eliminate mistakes, and creates attractive phishing pages that are indistinguishable from genuine ones.

The report presented ChatGPT generating a login page for phishing within 10 prompts and includes warning signs to look out for.

Emerging sophisticated approaches include voice phishing (vishing) supported by AI and deepfake impersonation in the name of social engineering.

Phishing has grown worse due to generative AI because it allows quicker and more accurate attacks at multiple phases.

There is a global increase in the adoption of advanced AI-driven voice impersonation for vishing campaigns, which has caused great financial damage in some instances. 

One of the biggest challenges related to AI cyber threats is deep fake phishing that perfectly copies facial appearances, voice,s and gestures. 

The capability of AI-driven vishing and deepfake impersonation to be very sophisticated poses significant emergent challenges that strong organizational defenses must fulfil.

Mitigations

Here below, we have mentioned all the mitigations recommended by the researchers:-

  • Use AI-powered phishing prevention solutions that offer several capabilities, such as Browser Isolation, to combat AI-driven threats effectively.
  • Implement a Zero Trust architecture to prevent traditional and AI-driven phishing attacks at multiple stages.
  • Prevent compromise by inspecting TLS/SSL at scale.
  • Eliminate lateral movement by enabling direct user-to-application connections and implementing AI-powered app segmentation.
  • Detect and shut down compromised users and insider threats using inline inspection.
  • Prevent data loss by inspecting data in-motion and at-rest.
  • Adopt foundational security best practices to enhance overall resilience to phishing attacks.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...