Phishing Remains the Main Attack Vector

Category: News
Published: 9th December 2024


Phishing has persisted as a top cyber threat for over a decade, remaining a widespread and costly attack vector. As we advance into 2025, the methods and technologies behind phishing are expected to evolve, increasing in sophistication to overcome current security measures.

An increasing concern is the commercialisation of phishing through ‘toolkits’ that attackers can purchase. These toolkits, often targeting identity information, have exacerbated phishing risks, with identity and credential compromises involved in 80% of phishing incidents.

A particular phishing technique known as adversary-in-the-middle (AitM) has gained traction, circumventing traditional defences like multifactor authentication (MFA) and Endpoint Detection & Response (EDR). AitM phishing toolkits, including Modlishka, Muraena, and Evilginx, create a reverse proxy between a target and a legitimate website. The attacker intercepts communications, collecting sensitive data while the user remains unaware. This approach bypasses user vigilance by creating seemingly authentic web pages, allowing attackers to capture login credentials and other critical information.
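One way to look for the aftermath of an AitM capture in sign-in telemetry, as an added example that is not part of the original article: a session token that passed MFA on one client and then shows up from a different IP address and a different user agent shortly afterwards is worth investigating. The event field names, the one-hour window and the sample records are constructed assumptions, not any product's log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real logs; the field names are assumptions.
EVENTS = [
    {"ts": "2024-12-09T09:00:05", "user": "alice", "session": "s-100",
     "event": "mfa_success", "ip": "198.51.100.7", "ua": "Chrome/131 Windows"},
    {"ts": "2024-12-09T09:00:40", "user": "alice", "session": "s-100",
     "event": "token_use", "ip": "198.51.100.7", "ua": "Chrome/131 Windows"},
    {"ts": "2024-12-09T09:04:12", "user": "alice", "session": "s-100",
     "event": "token_use", "ip": "203.0.113.50", "ua": "Firefox/133 Linux"},
    # Same browser, new address (e.g. Wi-Fi to mobile): not flagged.
    {"ts": "2024-12-09T10:00:00", "user": "bob", "session": "s-200",
     "event": "mfa_success", "ip": "192.0.2.10", "ua": "Safari/18 iOS"},
    {"ts": "2024-12-09T10:20:00", "user": "bob", "session": "s-200",
     "event": "token_use", "ip": "192.0.2.44", "ua": "Safari/18 iOS"},
]


def find_session_replays(events, window=timedelta(hours=1)):
    """Flag sessions whose token is used from a different IP *and* user agent
    than the client that completed MFA, within `window` of that MFA event."""
    issued = {}      # session id -> (mfa time, ip, user agent)
    flagged = {}     # session id -> finding, first hit only
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(e["ts"])
        if e["event"] == "mfa_success":
            issued[e["session"]] = (ts, e["ip"], e["ua"])
        elif e["event"] == "token_use" and e["session"] in issued:
            t0, ip0, ua0 = issued[e["session"]]
            changed = e["ip"] != ip0 and e["ua"] != ua0
            if changed and ts - t0 <= window and e["session"] not in flagged:
                flagged[e["session"]] = {
                    "user": e["user"], "session": e["session"],
                    "mfa_ip": ip0, "replay_ip": e["ip"],
                    "seconds_after_mfa": int((ts - t0).total_seconds()),
                }
    return list(flagged.values())


if __name__ == "__main__":
    for finding in find_session_replays(EVENTS):
        print(finding)
```

Requiring both the address and the user agent to change keeps ordinary network roaming out of the results, at the cost of missing a replay that copies the victim's user agent string.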

Cyber criminals are expanding their methods with emerging types of phishing, such as quishing, smishing, and vishing. Quishing leverages QR codes embedded with malware, which, when scanned, can compromise a target’s device. Smishing and vishing use SMS and phone calls, respectively, to deceive users into disclosing sensitive data. With personal devices increasingly holding sensitive information, the success rates of these new phishing vectors continue to grow. These variations retain phishing’s core objective, exploiting user trust to gather sensitive information. As these newer techniques gain prominence, user awareness must grow to mitigate their impact.
