A recent KnowBe4 report analyzed phishing threats at the start of 2025. Between September 15, 2024 and February 14, 2025 there was a 17.3% increase in phishing emails compared to the previous six months. The report found that 82.6% of all phishing emails analyzed exhibited some use of AI.

The report observes a 22.6% increase in ransomware payloads. The phishing hyperlink, malware, and social engineering payloads getting through traditional detection have surged, with phishing hyperlinks increasing by 36.8%, malware by 20%, and social engineering tactics by 14.2% compared to the previous six months.

Additionally, there has been a 57.9% increase in attacks being sent from compromised accounts getting through traditional detection. The top five legitimate platforms used to send phishing emails include DocuSign, Paypal, Microsoft, Google Drive, and Salesforce. Currently the most impersonated brands include Microsoft, Docusign, Adobe, Paypal and LinkedIn.

The report examines the unprecedented scale of polymorphic phishing tactics, now present in 76.4% of all phishing campaigns, which use AI-generated variations to bypass traditional security measures. Meanwhile, ransomware payloads in phishing attacks have risen by 22.6% over six months, with a sharp 57.5% increase in just three months. The research also highlights how cybercriminals are increasingly targeting the hiring process, with 64% of attacks focused on engineering roles, exploiting their access to critical systems and data.

Read the report.