- GenAI is fueling more convincing phishing, BEC scams and multi-channel fraud, reports claim
- Phishing now accounts for 77% of attacks; ClickFix threats increased fivefold by 2025
- Mimecast encourages MFA, anomaly detection and layered defenses to counter AI-driven threats
Cybercriminals are increasingly weaponizing Generative Artificial Intelligence (GenAI) to refine their tactics, automate deception and overwhelm traditional defenses, new research from Mimecast has claimed.
Based on information accumulated from its systems, insights from its intelligence analysts and open source intelligence on the latest threats, the report states that AI-powered phishing, social engineering and multi-channel attacks are becoming both more common and more compelling.
In fact, Mimecast found that phishing now accounts for 77% of all attacks, up from 60% in 2024 – an increase it attributes to the rapid adoption of AI tools among threat actors.
ClickFix up fivefold
“We see a clear evolution in attacker behavior in 2025, headlined by an exponential increase in AI-driven threats,” said Ranjan Singh, Mimecast Chief Product & Technology Officer, noting that financial institutions, regulators and even city governments are being targeted by both profit-motivated ransomware groups and state-backed actors.
There are many ways cybercriminals abuse GenAI. They can create flawless decoys impersonating salespeople, managers or colleagues. They can create entire email threads, generate synthetic voices and realistic audio messages that can easily slip past detection systems.
Mimecast added that there has been an increase in business email compromise (BEC) scams, including a global invoice fraud campaign where AI-generated messages encouraged recipients to authorize payments.
Mimecast also said that the number of ClickFix attacks increased fivefold year-on-year, and that ClickFix now accounts for about 8% of all incidents recorded in the first six months of 2025.
Trusted tools such as DocuSign, Salesforce, Adobe Pay and others are constantly abused, while legitimate CAPTCHA services are misused to hide phishing campaigns. A single threat actor, Scattered Spider, was associated with more than 900,000 detections.
How to stay safe
To better defend against AI-driven threats, companies need to combine technology, training and vigilance. Implementing multi-factor authentication (MFA) is always a good start, and it can be strengthened further with advanced email defenses that use anomaly detection and AI models.
Next, companies should invest in employee awareness programs and run phishing simulations, and they should adopt a multi-layered security framework (endpoint protection, network monitoring, controls against abuse of trusted services). Finally, they should continuously update both their systems and policies.



