https://www.zscaler.com/blogs/security-research/phishing-season-2025-latest-predictions-unveiled
Zscaler’s ThreatLabz has released its predictions for phishing attacks in 2025, highlighting a surge in sophistication and new attack vectors.
Key predictions include:
- AI-powered phishing: Both attackers and defenders will leverage AI, with attackers using AI to craft more convincing and personalized phishing emails and security vendors utilizing AI to enhance threat detection.
- MFA bypass: Phishing attacks will increasingly focus on bypassing multi-factor authentication (MFA) through techniques like adversary-in-the-middle attacks and localized phishing content.
- Vishing attacks on the rise: Voice phishing (vishing) attacks will become more sophisticated, utilizing AI-powered voice cloning technology to mimic trusted individuals and deceive victims.
- Mobile device targeting: Attackers will exploit vulnerabilities in mobile devices and platforms, leveraging social engineering tactics and exploiting trust in common communication channels like push notifications.
- Politically motivated attacks: Phishing attacks will capitalize on political events and heightened emotions, targeting voters and political campaigns with deceptive communications.
- Exploitation of encrypted messaging platforms: Cybercriminals will increasingly utilize encrypted messaging platforms to launch phishing attacks, leveraging bots to automate malicious activities and evade detection.
- Browser-in-the-browser attacks: These attacks will become more sophisticated, with AI-driven customization to mimic browser environments more convincingly and adapt to user interactions.
These predictions underscore the evolving threat landscape and the need for organizations and individuals to remain vigilant against increasingly sophisticated phishing attacks.