Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
A new report from KnowBe4 has revealed that more than 80 per cent of all phishing emails now boast some form of AI enhancement.
Cyber criminals are increasingly taking advantage of artificial intelligence (AI) to generate content for phishing attacks, according to new research by identity security firm KnowBe4.
In fact, 82.6 per cent of phishing emails now contain AI-generated elements.
The alarming figure comes from KnowBe4’s Phishing Threat Trends 2025 Report, released today (21 March), which also revealed that the most impersonated brands in phishing attacks were Microsoft, Docusign, Adobe, Paypal, and LinkedIn.
The report found that phishing emails increased by 17.3 per cent in the period between 15 September 2024 and 14 February 2025, while ransomware payloads in phishing emails increased by 22.6 per cent.
One particularly sophisticated INC Ransom payload was observed by KnowBe4’s Defend platform, illustrating the threat that ransomware delivered via phishing attacks.
“As ever, innovation in phishing threats and defences is accelerating rapidly,” Jack Chapman, senior vice president of threat intelligence at KnowBe4, said in a statement.
“In this report, we have observed cyber criminals evolving their tactics, leveraging ransomware and polymorphic campaigns with new strategies to evade detection by both traditional and advanced technologies.”
Forty-seven per cent of phishing attacks were able to bypass Microsoft’s defences, while 57.9 per cent of phishing emails came from compromised accounts. Cyber criminals are also focusing on hiring scams for their phishing attacks, with the engineering sector a particular focus. Sixty-four per cent of hiring emails targeted that sector, compared to IT and HR roles, which made up 10 per cent of attacks.
Polymorphic phishing tactics – where the scammer takes advantage of constantly changing email formats to evade detection – are also on the rise and are now present in 76.4 per cent of phishing attacks.
“As we move through 2025, both phishing threats and defences will continue to evolve, emphasising a holistic approach that integrates technical defences with human risk management.
“A strong security culture starts with detection but is reinforced by awareness, continuous education, and adaptive technology.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
