"The number of known phishing kits doubled, with 90 percent of large-scale campaigns relying on phishing-as-a-service. According to Barracuda's report "Threat Spotlight: How phishing kits evolved in 2025," 90 percent of large-scale phishing campaigns last year were based on phishing kits that are sold or rented as a service. These kits made it easier for less experienced attackers to carry out attacks, while at the same time increasing technical sophistication."
"The big difference, Barracuda Networks explains, was in the realism of the attacks. Attackers increasingly used generative AI to produce convincing emails that closely match the tone, branding, and writing style of legitimate services such as Microsoft and DocuSign. In addition, QR codes were often embedded in emails and documents. The aim was to lure victims away from corporate desktops to less protected mobile devices. Some campaigns even split or nested QR codes to evade detection by email security tools."
Ninety percent of large-scale phishing campaigns in 2025 used phishing kits sold or rented as phishing-as-a-service, and the number of known phishing kits doubled. Phishing-as-a-service lowered the skill barrier while increasing technical sophistication. The five largest malware families accounted for 60 percent of observed attacks, reflecting heavy reuse of known malware. Attackers used generative AI to craft highly realistic emails that matched tone, branding, and writing style of services like Microsoft and DocuSign. Common lures such as HR messages, invoice fraud, and voicemail scams persisted. QR codes were embedded to redirect victims to less protected mobile devices, sometimes nested to evade email security.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]