Every year, cybercriminals sharpen their tools and refine their tactics to exploit network and security vulnerabilities. Gone are the days of clumsy emails with glaring typos and suspicious attachments. Instead, we face an era of new sophistication. No longer just stealing credentials, attackers are creating intricate digital narratives that make it difficult to distinguish friend from foe in our inboxes and DMs.
But these revelations are more than a glimpse into the cybercriminal underworld; they are a call to action. As phishing attacks continue to evolve, so should our defenses.
Phishing predictions for 2025
In our ThreatLabz 2024 Phishing Report, we shared the following key predictions for the year to come:
Prediction 1: AI vs. AI will be an enduring challenge
Enhanced AI capabilities increase the speed, scale, and automation of cyberattacks. Threat actors will widely adopt AI to craft more sophisticated phishing schemes and advanced techniques in 2025. As cybercriminals leverage publicly available and custom-made AI tools to orchestrate highly targeted campaigns, exploiting the trust of individuals and organizations alike, security vendors will integrate generative AI into their toolkits to enhance threat detection and response capabilities.
Prediction 2: Phishing as a service will intensify its focus on MFA exploitation and AiTM
Phishing as a service removes technical barriers, allowing threat actors to launch successful phishing campaigns with limited expertise. They can take advantage of developer knowledge to launch a phishing attack and use advanced techniques to avoid detection. In the coming year, we can expect threat actors to conduct high-volume phishing campaigns aimed at bypassing enterprise multifactor authentication (MFA) through phishing kits that include AI-powered adversary-in-the-middle (AiTM) techniques, localized phishing content, and target fingerprinting.
Prediction 3: Vishing attacks spearheaded by malware groups will surge significantly
As cybercriminals’ efforts become more sophisticated, they will increasingly turn to targeted voice and video phishing campaigns. For example, AI-driven voice cloning technology enables cybercriminals to mimic the voices of trusted individuals, creating highly realistic impersonations that can trick even the most vigilant people. Combined with the growing amount of VoIP accessibility and caller ID spoofing, attackers can mask their identities and origins, making it more difficult to trace the source of vishing calls.
Prediction 4: Attackers will home in on vulnerabilities inherent in mobile devices and platforms
Remote work and bring-your-own-device (BYOD) culture have made mobile devices a permanent part of our work lives. As more and more of our lives involve mobile devices, cyberattackers are now targeting those devices with increasingly creative schemes. For example, they are shifting toward AI-driven social engineering attacks aimed at mobile users that exploit passkey and biometric authentication methods. Expect attackers to increasingly use fake push notifications that mimic legitimate apps and drive to phishing websites, exploiting mobile users’ trust in a common communication channel.
Prediction 5: Phishing will continue to erode trust in electoral outcomes
In heightened political climates and emotionally charged atmospheres, voters tend to let their guard down as they try to find new avenues to get their voices heard. Threat actors are poised to escalate phishing campaigns aimed at exploiting the political landscape. For example, an anonymous phishing attempt recently duped users by mimicking official election communications, successfully harvesting sensitive data. Looking forward, we expect similar politically motivated phishing attacks to target voter information platforms, campaign infrastructures, and public discourse channels. Organizations and electoral stakeholders should proactively bolster cybersecurity measures to detect and counter these emerging threats.
Prediction 6: Encrypted messaging platforms will become breeding grounds for phishing attacks
Phishing attacks will capitalize on the trust users associate with encrypted messaging platforms. Using bots, for example, attackers will be able to automate illegal activities, from generating phishing pages to collecting sensitive user data. In these scenarios, cybercriminals will be able to impersonate users or authority figures, such as government officials, and urge others to share login credentials or download apps.
Prediction 7: Browser-in-the-browser phishing attacks will escalate
By exploiting users’ trust in open browsers and legitimate websites, browser-in-the-browser phishing attacks simulate a login window on a spoofed domain to steal user credentials. Attackers will increasingly utilize AI-driven customization in browser attacks to, for example, adapt phishing web pages to mimic browser environments more convincingly or analyze user interactions and adjust phishing content based on observed behaviors.
A quick Google search will show that all these predictions are already coming true. In February 2024, a major European retailer suffered a sophisticated phishing attack in which cybercriminals spoofed employee emails to deceive the financial team into transferring funds. As a result, the company lost approximately €15.5 million in cash.
Also in 2024, a global pharmaceutical company was hit with a vishing scheme in which employees received urgent calls from “executives” instructing them to wire funds immediately for a fake acquisition deal, leading to a total loss of US$35 million. Using AI capabilities, the cybercriminals created a cloned voice with a believable accent and tone that made it indistinguishable from a real person.
Mitigate phishing attacks with the Zscaler Zero Trust Exchange
Protecting organizations from user compromise has become an increasingly formidable challenge, particularly as AI-driven phishing attacks gain traction. In this shifting landscape, organizations must evolve their security strategies and incorporate advanced phishing prevention controls into their broader network security defenses.
The cornerstone of an effective defense strategy is the Zscaler Zero Trust Exchange™, which takes a comprehensive approach to cybersecurity and stops conventional and AI-driven phishing attacks by:
Preventing compromise with full TLS/SSL inspection, browser isolation, and policy-driven access control to prevent access to suspicious websites.
Eliminating lateral movement by connecting users directly to apps, not the network.
Shutting down compromised users and insider threats by preventing private app exploit attempts with inline inspection and detecting the most sophisticated attackers with integrated deception.
Stopping data loss by inspecting data-in-motion and at-rest to prevent potential theft.
To learn more about how Zscaler can help you prevent the cyberattacks of tomorrow, check out our other Cybersecurity Predictions for 2025:
8 Cyber Predictions for 2025: A CSO’s Perspective
7 Ransomware Predictions for 2025: From AI Threats to New Strategies
5 Encrypted Attack Predictions for 2025
Request a custom demo on how Zscaler can help address your organization’s ransomware protection needs. Follow Zscaler ThreatLabz on X (Twitter) and our Security Research Blog to stay on top of the latest cyberthreats and security research. The Zscaler ThreatLabz threat research team continuously monitors threat intelligence from the world’s largest inline security cloud and shares its findings with the wider security community.
Forward-Looking Statements
This blog contains forward-looking statements that are based on our management’s beliefs and assumptions and on information currently available to our management. These forward-looking statements include, but are not limited to, statements concerning predictions about the state of phishing threats and attacks in calendar year 2025 and our ability to capitalize on such market opportunities; the use of Zero Trust architecture to combat phishing attacks and beliefs about the ability of AI and machine learning to reduce detection and remediation response times as well as proactively identify and stop cyberthreats. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. These forward-looking statements are subject to a number of risks, uncertainties and assumptions, and a significant number of factors could cause actual results to differ materially from statements made in this blog, including security risks and developments unknown to Zscaler at the time of this blog and the assumptions underlying our predictions regarding phishing in calendar year 2025. Additional risks and uncertainties are set forth in our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on December 5, 2024, which is available on our website at ir.zscaler.com and on the SEC’s website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler does not undertake to update any forward-looking statements made in this blog, even if new information becomes available in the future.