The 2025 report by ThreatLabz, the cybersecurity research team of Zscaler, reveals a transformation in the cyber threat landscape. While the overall volume of phishing attacks is declining (-20% globally in 2024), their nature is becoming more sophisticated, more targeted, and harder to detect. This shift, far from being anecdotal, deeply questions corporate cybersecurity strategies.

A Phishing Landscape Remodeled by GenAI

Where mass phishing campaigns relied on volume, new attacks, powered by generative AI, target critical business functions: finance, human resources, payroll, IT. These surgical attacks exploit human vulnerabilities with formidable precision, simulating professional content almost indistinguishable from actual internal company communications. Thanks to extreme personalization, AI outsmarts traditional detection systems, which rely on signatures or classic heuristics.
ThreatLabz researchers analyzed over 2 billion phishing attempts blocked via the Zscaler Zero Trust Exchange cloud security platform, between January and December 2024, and identified several key trends:
  • The rise of vishing: Voice phishing (vishing) attacks are gaining ground, with fraudsters posing as IT support teams to steal credentials;
  • CAPTCHA traps: Cybercriminals now use CAPTCHAs to make their fraudulent sites credible and bypass detection;
  • Phishing-as-a-Service and AI deepfakes: AI allows attackers to create fake websites and doctored videos, making scams even more convincing;
  • Crypto scams are skyrocketing: Fake cryptocurrency exchanges and wallets lure users through deceptive sites;
  • The education sector is particularly affected: Phishing in education has soared by 224%, with cybercriminals taking advantage of school calendars, financial aid deadlines, and insufficient security defenses.

From Social Networks to the Cybersphere: The New Frontiers of Risk

In 2024, over 159 million tech support and job scams were recorded, targeting victims on social networks and community platforms. Telegram, Facebook, or Steam thus become playgrounds for cybercriminals: malware deployment, brand impersonation, social engineering phishing, personal data collection. This porosity between personal and professional spheres complicates cybersecurity, making traditional protections less effective.

Cybercriminals Focus on Emerging Markets

Highly digitized countries are experiencing a decrease in attacks: while the United States remains the primary target, these were reduced last year by 31.8% thanks to authentication protocols like DMARC and sender verification by Google. Cybercriminals are redirecting their efforts towards areas where digital growth outpaces security investments: Brazil, Hong Kong, Netherlands. These regions serve as testing grounds for locally adapted tactics, sometimes re-exported to other regions.

Translated from L'IA change les règles du jeu en cybersécurité : vers une accélération du phishing ciblé contre les opérations critiques des entreprises

To better understand

How is generative artificial intelligence used to sophisticate phishing attacks?

Generative artificial intelligence is used to create personalized and professional content, making attacks more convincing and harder for traditional security systems to detect.

What authentication protocols are mentioned that helped reduce phishing attacks in the United States?

The authentication protocols include DMARC and Google's sender verification, which enhance security by validating email origins and reducing phishing risks.