- GenAI is fueling more convincing phishing, BEC scams, and multichannel deception campaigns, report claims
- Phishing now makes up 77% of attacks; ClickFix threats surged fivefold in 2025
- Mimecast urges MFA, anomaly detection, and layered defenses to counter AI-powered threats
Cybercriminals are increasingly weaponizing Generative Artificial Intelligence (GenAI) to refine their tactics, automate deceptions, and overwhelm traditional defenses, new research from Mimecast has claimed.
Based on information accumulated from its systems, insights from its intelligence analysts, and open source intelligence on the latest threats, the report states that AI-driven phishing, social engineering, and multichannel attacks are becoming both more common and more convincing.
In fact, Mimecast found that phishing now accounts for 77% of all attacks, up from 60% in 2024 – a spike it attributes to the rapid adoption of AI tools among threat actors.
ClickFix up five times
“We’re seeing a clear evolution in attacker behavior in 2025, headlined by an exponential rise in AI-driven threats,” said Ranjan Singh, Mimecast Chief Product & Technology Officer, noting financial institutions, regulators, and even city governments are being targeted by both profit-motivated ransomware groups and state-backed actors.
There are many ways in which cybercriminals abuse GenAI. They can create flawless lures that mimic vendors, executives, or coworkers. They can craft entire email threads, generate synthetic voices, and realistic audio messages that can easily slip past detection systems.
Mimecast added that there’s been a surge in business email compromise (BEC) scams, including one global invoice fraud campaign where AI-generated messages urged recipients to approve payments.
Mimecast also said the number of ClickFix attacks increased five times year-on-year, now taking up roughly 8% of all the incidents recorded in the first six months of 2025.
Trusted tools such as DocuSign, Salesforce, Adobe Pay, and others, are being constantly abused, while legitimate CAPTCHA services are being misused to hide phishing campaigns. Just one threat actor – Scattered Spider – was linked to more than 900,000 detections.
How to stay safe
To better defend against AI-powered threats, businesses need to combine technology, training, and vigilance. Implementing multi-factor authentication (MFA) is always a good start, which can be further bolstered through the use of advanced email defenses that use anomaly detection and AI models.
Next, businesses should invest in employee awareness programs and run phishing simulations, and they should adopt a multi-layered security framework (endpoint protection, network monitoring, trusted service abuse checks). Finally, they should continuously update both their systems and policies.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
The best antivirus for all budgets
https://cdn.mos.cms.futurecdn.net/vzyNLzHyZed9Ws2YrDn55A-970-80.jpg
Source link
