Phishing is no longer just about mass emails and sloppy scam attempts. In 2025, cybercriminals are taking a sharp turn — deploying AI-generated lures, targeting emerging markets, and exploiting community platforms to launch hyper-personalized, high-impact attacks. That’s the key message from the newly released Zscaler ThreatLabz 2025 Phishing Report, a deep dive into evolving phishing strategies across the globe.
A Global Decline in Volume, But a Rise in Sophistication
The good news? Phishing attacks are down globally by 20%. The bad news? They’ve become far more personalized and effective. In 2024, the United States saw a 31.8% decrease in phishing volume — thanks largely to Gmail’s stricter sender authentication policies.
But attackers aren’t quitting — they’re shifting focus. Countries like Brazil, Hong Kong, and the Netherlands experienced phishing surges as cybercriminals exploited digital growth and weak security infrastructure. Brazil, for instance, became a top-10 target for the first time, following a massive $186.6 billion investment in digital transformation that brought millions of new users online — many with little cybersecurity awareness.
AI Tools: The Hacker’s New Best Friend
The most chilling trend in the Zscaler 2025 phishing report is the use of generative AI. What was once a key defensive tool is now being used to create believable phishing content—complete with fake voice, video, and SMS messages. Even more alarming, they’re using AI to manipulate those AI-powered defenses by embedding misleading text like “this file is benign” into malware payloads.
In one case, attackers used a deceptive PowerShell script embedded with a fake “prime number generator” comment to trick LLM-based security tools into misclassifying the code as harmless.
Top Industries in the Crosshairs
Phishing hit the manufacturing sector hard in 2024 — despite a 16.8% decline in attack volume. Why? Because even modest reductions don’t offset the sector’s inherent vulnerability. With sprawling supply chains, legacy systems, and high-value targets across production lines, manufacturing remains fertile ground for cybercriminals. The real outlier, however, was education — a sector that saw a jaw-dropping 224% surge in phishing incidents. This should set off alarm bells.
Schools and universities are under pressure to digitize yet often operate with outdated infrastructure and shoestring IT budgets. Add to that a seasonal cadence—back-to-school, financial aid deadlines, exam periods — and you’ve got a predictable, high-pressure environment that cyber attackers exploit with ruthless efficiency.
Meanwhile, sectors like tech and finance saw notable wins. Phishing activity dropped by 32.8% and 78.2%, respectively — an encouraging sign that investments in DMARC protocols, AI-enhanced threat detection, and zero trust architectures are doing what they’re supposed to do. These are not just security upgrades—they’re strategic business enablers, helping protect brand equity, customer trust, and bottom-line resilience in an era where every digital interaction is a potential risk vector.
Social Platforms and Spoofed Brands
According to the Zscaler 2025 phishing report, phishing campaigns increasingly exploit social media platforms like Telegram, Facebook, and Steam — both as impersonated brands and malware delivery channels. Telegram, in particular, pulled double duty, ranking as both the most spoofed brand and the most abused platform for hosting and spreading malicious content. That’s a sobering signal for enterprise and consumer users alike.
Among impersonated brands, Microsoft reigned supreme — accounting for a staggering 51.7% of brand-based phishing attempts, leveraging its ubiquity and user familiarity to trick even the most discerning recipients. Also in the cybercriminals’ top five: Telegram, Google, Netflix, and Facebook — brands we use daily, implicitly trust, and rarely question. That’s exactly the point.
Phishing Trends to Watch
So what’s to come in 2025 and 2026? The Zscaler 2025 phishing report highlights five key phishing trends that we need to be wary of. These include:
Vishing scams. Attackers impersonate IT support over the phone to bypass email filters and gain user trust.
CAPTCHA evasion. Phishing sites use CAPTCHAs to mask malicious intent and avoid bot detection.
Fake crypto and AI platforms. Scammers create convincing clones of crypto exchanges and AI tools to steal logins and payments.
Payment scams. Fake invoices targeting finance departments remain a staple tactic.
Phishing-as-a-Service. Threat actors now offer scalable phishing kits using GenAI, streamlining attack deployment.
Fighting Back with Zero Trust and AI
So what are brands to do? Zscaler’s playbook for phishing defense isn’t flashy — it’s foundational. The core strategy? A multi-layered, zero trust architecture fortified with AI-powered threat detection, real-time TLS/SSL traffic inspection, deception tech, and browser isolation. These aren’t buzzwords — they’re battle-tested tools designed to protect what matters most: your people, your data, and your reputation.
But let’s be clear: technology alone won’t save you. Even the most advanced defenses can be undone by one distracted click. That’s why user education isn’t optional — it’s critical infrastructure. Organizations must think beyond firewalls and endpoint agents to invest in what I often call the “human firewall.” It’s the first — and sometimes only— line of defense between a bad actor and a business-ending breach.
Final Thoughts
Phishing in 2025 is not just more sophisticated — it’s adaptive, scalable, and powered by the same AI technologies defenders are using to stop it. The threat landscape is evolving at breakneck speed, and cybercriminals are nothing if not agile.
What does that mean for enterprise leaders? It means moving fast. It means embracing a zero trust mindset — not someday, but now. It means operationalizing AI as a force multiplier. And it means making security awareness part of your company culture, not a checkbox in your compliance binder.
The bad actors are innovating. The good guys? We have to move faster, think smarter, and defend better.
Because in today’s threat landscape, “business as usual” is how you get breached.
Find the full Zscaler report here
This article was originally published on LinkedIn.
Read more of my coverage here:
Commvault’s Recovery Range: Transforming Cyber Resilience Through Immersive Experience
AI Trust Scores and Blockchain — the Foundations for the Golden Age of AI
Beyond the Copilot Button: How Agentic AI is Transforming Asset Management