KnowBe4's Phishing Threat Trends Report Highlights 2025 Challenges

KnowBe4's fifth edition of the Phishing Threat Trends Report explores key phishing threats for 2025.

The report details trends, new data, and threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025. Based on data generated by KnowBe4 Defend, this edition highlights the growing threat of ransomware and how cybercriminals are using sophisticated tactics to evade native security and secure email gateways. It investigates how Artificial Intelligence (AI) is being employed to create polymorphic phishing campaigns and the increasing success of attacks bypassing traditional defenses.

Key findings from the report include:

Between September 15, 2024, and February 14, 2025, phishing emails increased by 17.3% compared to the previous six months.
82.6% of analyzed phishing emails showed some use of AI.
The report notes a 22.6% increase in ransomware payloads.
Phishing links, malware, and social engineering tactics among those bypassing traditional detection increased by 36.8%, 20%, and 14.2%, respectively.
There was a 57.9% rise in attacks sent from compromised accounts that evaded traditional detection.
The top five legitimate platforms used to send phishing emails included DocuSign, Paypal, Microsoft, Google Drive, and Salesforce.
Commonly impersonated brands included Microsoft, DocuSign, Adobe, Paypal, and LinkedIn.

The report highlights the unprecedented scale of polymorphic phishing tactics, now present in 76.4% of phishing campaigns, utilizing AI-generated variations to evade traditional security. During the same time, ransomware payloads in phishing attacks have risen by 22.6%, demonstrating a 57.5% increase within three months. The research indicates cybercriminals increasingly target the hiring process, with 64% of attacks aimed at engineering roles, exploiting access to critical systems.

Jack Chapman, senior VP of threat intelligence at KnowBe4, stated, “As ever, innovation in phishing threats and defenses is accelerating rapidly. In this report, we observe cybercriminals evolving their tactics, leveraging ransomware and polymorphic campaigns with new strategies to evade detection. A strong security culture starts with detection but is reinforced by awareness, continuous education, and adaptive technology.”

The Phishing Threat Trends Report, Vol 5 is available for download here.

Sector Intelligence: Observability and Threat Detection Updates

Sector Intelligence: Cloud, API & Workload Security

Sector Intelligence: Networking & Network Automation