Zscaler Blog

Security Research

Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI

DEEPEN DESAI, ROHIT HEGDE, DIANA SHTIL
April 24, 2025 - 4 min read

Gone are the days of mass phishing campaigns. Today’s attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams—exploiting human vulnerabilities with precision.

The Zscaler ThreatLabz 2025 Phishing Report dives deep into the rapidly evolving phishing landscape and uncovers the latest trends, including top phishing targets, real-world examples of AI-driven phishing attacks, and actionable best practices to defend against the next wave of AI-powered phishing threats.

Key findings on phishing attacks

The ThreatLabz research team analyzed over 2 billion blocked phishing transactions captured across the Zscaler Zero Trust Exchange™ cloud security platform from January 2024 to December 2024 and uncovered several key findings:

  • Phishing is down but is more targeted: Although global phishing volume dropped 20% in 2024, attackers are shifting strategies, focusing on high-impact campaigns targeting high-value targets to maximize their success rates.
  • United States phishing declines but remains #1: The US remains a top target even though phishing in the US dropped 31.8% as a result of stronger email authentication protocols like DMARC and Google’s sender verification, which blocked 265 billion unauthenticated emails.
  • Education is under attack: Phishing in education surged 224%, with threat actors exploiting academic calendars, financial aid deadlines, and weak security defenses.
  • Crypto scams rise with fake wallets: Fake cryptocurrency platforms are on the rise, luring users into credential-harvesting sites disguised as wallet alerts or login pages under the guise of legitimate transactions.
  • Tech support and job scams thrive: With over 159 million hits in 2024, scammers use job sites, social media, and live chat tools to impersonate recruiters or IT staff, stealing sensitive information, credentials, and payment details.
     

Zscaler Zero Trust Exchange mitigates AI-powered phishing attacks

Phishing is no longer just spam that clogs inboxes—it is now powered by AI to exploit human vulnerability. The Zscaler Zero Trust Exchange is designed to combat these increasingly sophisticated attacks at every stage of the attack chain, turning the tables on cybercriminals.

Preventing Initial Compromise

Phishing attacks strike where trust is most fragile. Zscaler decrypts and inspects TLS/SSL traffic inline to block malicious content in real time, using AI-powered threat detection to identify phishing sites, malware, and zero-day payloads. Suspicious websites are isolated in Zero Trust Browser sessions, shielding users from drive-by downloads, malware, and zero-day infections. Dynamic access controls continuously adjust user permissions based on risk signals, helping block threats without disrupting legitimate user activity and workflows.

Eliminating Lateral Movement

Phishing doesn’t stop at initial compromise—attackers aim to infiltrate and expand. Zscaler prevents lateral movement by connecting users directly to applications—not networks—ensuring compromised accounts can’t cascade into systemic breaches. AI-powered segmentation enforces least-privileged access at the application level, reducing the blast radius to a single siloed application and containing threats before they can spread.

Shutting Down Compromised Accounts and Insider Threats

Zscaler enforces context-aware policies, leveraging signals like user identity, user behavior, and device posture, to ensure only authenticated users and devices gain access to applications, data, and workloads, strengthened by integrated multi-factor authentication (MFA). For the attackers hiding in the shadows, deception technology deploys fake assets that detect and trap attackers early, catching them before they do real harm.

Preventing Data Theft at Every Level

Zscaler safeguards sensitive data with real-time traffic inspection, even for encrypted data flows, ensuring no exfiltration takes place. Data Loss Prevention (DLP) policies extend these protections across apps, email, and even emerging GenAI tools, securing what matters most.

Phishing may be evolving, but with Zscaler’s Zero Trust Exchange, organizations can stay ahead and redefine their cyber defense for a new generation of threats.
 

Stay ahead of AI-powered phishing attacks

Cybercriminals are raising the stakes, using AI to evade detection and to personalize and amplify their attacks. As phishing evolves into more sophisticated and targeted threats, staying ahead requires understanding the latest tactics and adopting proactive defenses. The Zscaler ThreatLabz 2025 Phishing Report delivers:

  • In-depth analysis: Learn how attackers are weaponizing AI to craft personalized phishing lures.
  • 2025 predictions: Get expert insights into the emerging strategies and technologies shaping the future of phishing.
  • Actionable best practices: Deploy proven strategies to fortify your defenses against targeted phishing campaigns.

The battle against phishing requires relentless vigilance. Dive into the full report for the insights and tools needed to protect your organization from evolving threats.

Download your copy today.

 
