KnowBe4, a global leader in cybersecurity and human risk management, has unveiled new insights from its 2025 Phishing Threat Trends Report, Volume Six, revealing a major shift in attacker behavior and a surge in phishing activity stemming from compromised accounts.

According to the research, cybercriminals are increasingly exploiting legitimate business platforms and leveraging advanced social engineering tactics to evade detection. This evolving strategy highlights a growing need for organizations to strengthen trust and risk management practices across both human and AI systems.

“As attackers continue to exploit legitimate platforms and manipulate users through increasingly sophisticated social engineering techniques, organizations must focus on building workforce trust management,” said Jack Chapman, Senior Vice President of Threat Intelligence at KnowBe4. “Our analysis shows clear seasonal attack patterns throughout 2025 — from HR-themed phishing in January and Valentine’s scams in February to tax-related lures in April and major event-themed campaigns during the U.S. Open. To stay ahead, companies must evolve beyond traditional email defenses and adopt AI-driven detection within a holistic human risk management (HRM) framework.”

Key Highlights from the Report

  1. Scattered Spider’s Retail Rampage:
    The notorious cybercrime group Scattered Spider launched multiple attacks against high-profile retailers, including M&S, Co-op, and Harrods, leading to hundreds of millions in losses. Following these breaches, secondary phishing waves emerged, impersonating the compromised brands to collect customer credentials. The group’s tactics combined social engineering, voice phishing (vishing), multi-factor authentication (MFA) fatigue attacks, and credential theft — blending technical precision with psychological manipulation.
  2. Voice Phishing Skyrockets:
    Phone-based phishing incidents (vishing) surged by 449% compared to 2024. Researchers noted that 5.5% of phishing emails contained only a phone number as a payload. Alarmingly, 77% of the callback numbers used AI-generated voices, and 69% of these attacks were financially motivated — involving fraudulent refund requests, bogus bank detail updates, or fake fund transfers.
  3. Exploitation of Legitimate Platforms:
    Cybercriminals increased their abuse of trusted services such as QuickBooks, Zoom, SharePoint, and PayPal by 67% year-to-date. These campaigns are particularly dangerous because they bypass DMARC checks 100% of the time, making them appear authentic to email security systems. By sending malicious communications from verified domains, attackers are effectively using trust itself as a weapon.
