Gone are the days of mass phishing campaigns. Today's attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams—exploiting human vulnerabilities with precision.

The Zscaler ThreatLabz 2025 Phishing Report dives deep into the rapidly evolving phishing landscape and uncovers the latest trends, including top phishing targets, real-world examples of AI-driven phishing attacks, and actionable best practices to defend against the next wave of AI-powered phishing threats.

Key findings on phishing attacks

The ThreatLabz research team analyzed over 2 billion blocked phishing transactions captured across the Zscaler Zero Trust Exchange™ cloud security platform from January 2024 to December 2024 and uncovered several key findings:

  • Phishing is down but is more targeted: Although global phishing volume dropped 20% in 2024, attackers are shifting strategies, focusing on high-impact campaigns targeting high-value targets to maximize their success rates.
  • United States phishing declines but remains #1: The US remains a top target even though phishing in the US dropped 31.8% as a result of stronger email authentication protocols like DMARC and Google's sender verification, which blocked 265 billion unauthenticated emails.
  • Education is under attack: Phishing in education surged 224%, with threat actors exploiting academic calendars, financial aid deadlines, and weak security defenses.
  • Crypto scams rise with fake wallets: Fake cryptocurrency platforms are on the rise, luring users into credential-harvesting sites disguised as wallet alerts or login pages under the guise of legitimate transactions.
  • Tech support and job scams thrive: With over 159 million hits in 2024, scammers use job sites, social media, and live chat tools to impersonate recruiters or IT staff, stealing sensitive information, credentials, and payment details.

Evolving phishing trends to watch in 2025

ThreatLabz uncovered many significant evolving trends in phishing attacks, with attackers adopting advanced tactics to bypass defenses and exploit human trust. The report highlights five key trends shaping the phishing landscape:

  • Vishing takes center stage: Voice phishing (vishing) has become a prominent tactic, with attackers impersonating IT support to steal credentials in real time.
  • CAPTCHA as a shield for phishing sites: Attackers are using CAPTCHAs to make phishing pages appear legitimate and evade security tools.
  • Crypto scams on the rise: Fake cryptocurrency exchanges and wallets lure users through convincing decoy sites, enabling attackers to steal credentials and access victims' digital funds.
  • Phishing targets AI hype: Fraudulent "AI agent" websites that mimic real platforms are exploiting the growing trust in AI to steal user credentials and payment details.

Zscaler Zero Trust Exchange mitigates AI-powered phishing attacks

Phishing is no longer just spam that clogs inboxes—it is now powered by AI to exploit human vulnerability. The Zscaler Zero Trust Exchange is designed to combat these increasingly sophisticated attacks at every stage of the attack chain, turning the tables on cybercriminals.

Preventing Initial Compromise

Phishing attacks strike where trust is most fragile. Zscaler decrypts and inspects TLS/SSL traffic inline to block malicious content in real time, using AI-powered threat detection to identify phishing sites, malware, and zero-day payloads. Suspicious websites are isolated in Zero Trust Browser sessions, shielding users from drive-by downloads, malware, and zero-day infections. Dynamic access controls continuously adjust user permissions based on risk signals, helping block threats without disrupting legitimate user activity and workflows.

Eliminating Lateral Movement

Phishing doesn't stop at initial compromise—attackers aim to infiltrate and expand. Zscaler prevents lateral movement by connecting users directly to applications—not networks—ensuring compromised accounts can't cascade into systemic breaches. AI-powered segmentation enforces least-privileged access at the application level, reducing the blast radius to a single siloed application and containing threats before they can spread.

Learn more at Zscaler.com/security

This article is a contributed piece from one of our valued partners.