- GenAI Powers More Convincing Phishing, BEC Scam, and Multi-Channel Deception Campaigns, Report Says
- Phishing now represents 77% of attacks; ClickFix threats quintupled in 2025
- Mimecast recommends multi-factor authentication, anomaly detection, and layered defenses to counter AI-based threats.
Cybercriminals are increasingly using generative artificial intelligence (GenAI) to refine their tactics, automate deceptions and overwhelm traditional defenses, according to new research from Mimecast.
Based on information accumulated from its systems, insights from its intelligence analysts and open source intelligence on the latest threats, the report indicates that AI-based phishing, social engineering and multi-channel attacks are becoming both more common and more convincing.
In fact, Mimecast found that phishing now accounts for 77% of all attacks, up from 60% in 2024 – a spike it attributes to the rapid adoption of AI tools by bad actors.
ClickFix up five times
“We see a clear shift in attacker behavior in 2025, marked by an exponential increase in AI-based threats,” said Ranjan Singh, Mimecast’s chief product and technology officer, noting that financial institutions, regulators and even municipal governments are being targeted by both profit-motivated ransomware groups and state-backed actors.
Cybercriminals abuse GenAI in many ways. They can craft polished lures that impersonate salespeople, managers or co-workers. They can fabricate entire chat threads and generate synthetic voices and realistic audio messages that can easily evade detection systems.
Mimecast added that there had been a rise in business email compromise (BEC) scams, including a global invoice fraud campaign in which AI-generated messages urged recipients to approve payments.
Mimecast also said the number of ClickFix attacks has increased five-fold year-over-year, now accounting for around 8% of all recorded incidents in the first six months of 2025.
Trusted tools like DocuSign, Salesforce, Adobe Pay, and others are constantly abused, while legitimate CAPTCHA services are misused to hide phishing campaigns. A single threat actor – Scattered Spider – has been linked to over 900,000 detections.
How to stay safe
To better defend against AI-based threats, businesses must combine technology, training and vigilance. Implementing multi-factor authentication (MFA) is always a good start, and it can be reinforced with advanced email defenses that use anomaly detection and AI models.
Next, companies should invest in employee awareness programs, run phishing simulations, and adopt a multi-layered security framework (endpoint protection, network monitoring, controls against abuse of trusted services). Finally, they must continually update their systems and policies.




