
Threat Spotlight: Phishing techniques to look out for in 2025
Over the last few months, Barracuda’s threat analysts have reported on several advanced phishing techniques implemented by attackers to evade security controls and make malicious emails look more convincing, legitimate, and personal.
In this blog post we look at how these and other advanced phishing techniques are likely to evolve in 2025. Our expectations are that:
- Phishing-as-a-service (PhaaS) kits will account for half of credential theft attacks next year, up from 30% today, and evolve to steal multifactor authentication (MFA) codes.
- Targeted attacks will feature personalized emotional appeals based on an analysis of the recipient’s social media and communication history, with a rise in extortion/sextortion attacks.
- There will be wider implementation of evasive techniques such as ASCII-based QR codes, Blob URIs, and moving the phishing content from the body of the email to an attachment.
- Attackers will seek out and abuse more content creation and digital publishing platforms.
Phishing-as-a-service and credential theft
Barracuda’s detection data shows that in 2024 more than 85% of phishing attacks targeting customers were aimed at stealing credentials. We expect this to increase to 90% or more over the next year.
PhaaS kits are built for exactly this kind of attack. Over the next 12 months, we expect to see more advanced PhaaS kits appear that can steal MFA codes as part of a credential phishing attack. Kits that relay the victim’s login to the real site in real time can capture one-time codes and push approvals as they are entered; only phishing-resistant methods such as FIDO2 security keys and passkeys, which bind the authentication to the genuine site, resist this.
We estimate that PhaaS-based credential phishing attacks currently account for around 30% of credential attacks detected, and we expect this to rise to more than half over the next year.
The abuse of legitimate URL protection services
For us, the most surprising discovery in 2024 was that phishing attackers were exploiting trusted URL protection services, including those from leading security vendors, to mask phishing links in attacks designed to steal credentials. A rewritten link carries the protection service’s own domain, so reputation checks and allowlists that look only at the visible domain see a trusted vendor rather than the real destination. We reported on this tactic in July, and it is still being used.
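The practical check against this tactic is to unwrap the rewritten link and run reputation against the destination it resolves to, not against the wrapper domain. The following is an added example, not Barracuda’s or any vendor’s code: a recursive unwrapper for links that carry their target in a query parameter. The wrapper hostnames and parameter names are constructed for illustration; real services use their own formats, and some encode the target in a path segment or in base64 rather than a query string, so the parameter list is an assumption to extend from the formats you see in your own mail flow.

```python
"""Recursively unwrap links rewritten by URL-protection services so that the
host that will actually be visited is the one that gets reputation-checked.

Added example for this post, not Barracuda's code. All hostnames, parameter
names and the blocklist below are constructed assumptions for illustration."""
from urllib.parse import urlparse, parse_qs, quote

# Query-parameter names that commonly carry the wrapped target (assumption;
# extend this from the rewriting services deployed in your environment).
TARGET_PARAMS = ("url", "u", "a", "target", "q", "redirect")

def unwrap_once(url):
    """Return the URL carried inside `url`'s query string, or None if there is none."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)  # percent-decodes once
    for name in TARGET_PARAMS:
        for value in query.get(name, []):
            if value.lower().startswith(("http://", "https://")):
                return value
    return None

def unwrap_chain(url, max_depth=5):
    """Follow nested wrappers and return every hop, outermost first, innermost last.
    max_depth bounds the walk so a self-referencing wrapper cannot loop forever."""
    chain = [url]
    for _ in range(max_depth):
        inner = unwrap_once(chain[-1])
        if inner is None:
            break
        chain.append(inner)
    return chain

def check_link(url, blocked_hosts):
    """Evaluate the innermost destination, not the trusted wrapper domain."""
    chain = unwrap_chain(url)
    host = (urlparse(chain[-1]).hostname or "").lower()
    return {"hops": len(chain) - 1, "destination": chain[-1], "blocked": host in blocked_hosts}

# Constructed sample: a phishing destination hidden behind two layers of
# (hypothetical) link-protection wrappers.
INNERMOST = "https://login-verify.example.net/signin?id=123"
WRAPPED = ("https://linkshield.example-vendor.net/url?a="
           + quote("https://safelinks.example-other.com/?url=" + quote(INNERMOST, safe=""), safe=""))

if __name__ == "__main__":
    for hop in unwrap_chain(WRAPPED):
        print("->", hop)
    print(check_link(WRAPPED, {"login-verify.example.net"}))
```

Note that `parse_qs` already percent-decodes each value once, which is exactly one wrapper layer; decoding a second time would corrupt destinations that legitimately contain `%25`. The outer domain in the chain is the one a naive filter trusts; the `destination` field is what should be fed to URL reputation, sandboxing, or a blocklist.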
QR code and voicemail phishing
QR code and voicemail phishing currently account for around 20% of overall phishing detections. In October, we reported on the appearance of QR codes created using ASCII/Unicode text blocks, and we expect that tactic to continue to evolve. Because such a code is text rather than an image, image-based QR scanners do not see it, while the recipient’s phone camera reads it normally. A Blob URI, likewise, is generated inside the browser by script, so there is no hosted URL for a link scanner to fetch and assess. ASCII-based QR codes and specially crafted Blob URI links are both designed to evade detection, and we expect the development and use of these and other evasive techniques to continue and increase into 2025 and beyond.
HR impersonation
We anticipate a rise in phishing attacks impersonating the human resources department. Such attacks currently account for around 10% of the attacks detected, but we expect them to gain traction during the coming year, especially around key tax deadlines.
Misuse of content creation and publishing platforms
Around 10% of the phishing attacks we’ve seen in 2024 are hosted on content creation platform (CCP) or digital document publishing (DDP) sites. We reported on this in September and expect the trend to continue as attackers find more CCP and DDP sites to host phishing pages.
Malicious attachments
The use of malicious attachments will continue to increase in popularity. We have already seen scores of emails where the phishing content was included in an HTML or PDF attachment, leaving email body copy empty or with very minimal text. We suspect that this behavior is an attempt to evade the machine learning-based analysis of body copy, and we expect this kind of attack to increase in 2025.
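The evasions described in the QR code section and in this section share a feature: the signal has moved out of the place a body-text classifier looks. The following is an added example for this post, not Barracuda’s detection logic, and the sample messages are constructed here. It runs three triage checks over a raw message: rows of Unicode block characters that form a text-drawn QR code, script that assembles a Blob URI, and an HTML or PDF attachment sitting behind a near-empty body (with a password form inside an HTML attachment flagged separately). The character set, the 40-character body threshold and the 8-row minimum are illustrative assumptions, not tuned values.

```python
"""Triage checks for phishing evasions: text-drawn QR codes, Blob URI links,
and phishing pages moved into an attachment behind a near-empty body.

Added example for this post, not Barracuda's detection logic. Sample
messages are constructed; thresholds are illustrative assumptions."""
import email
import re
from email import policy
from email.message import EmailMessage

BLOCK_CHARS = "\u2588\u2580\u2584\u2591\u2592\u2593"   # █ ▀ ▄ ░ ▒ ▓ (assumed set)
BLOB_JS = re.compile(r"createObjectURL\s*\(|new\s+Blob\s*\(", re.I)
CRED_FORM = re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I)
RISKY_EXT = (".html", ".htm", ".pdf")
MIN_BODY_CHARS = 40   # assumption: fewer visible characters counts as "near empty"
MIN_QR_ROWS = 8       # assumption: consecutive block-character rows needed to flag

def text_qr_rows(text):
    """Longest run of consecutive lines that look like rows of a text-drawn QR code."""
    best = run = 0
    for line in text.splitlines():
        s = line.strip()
        blocks = sum(ch in BLOCK_CHARS for ch in s)
        if len(s) >= 15 and blocks >= 0.4 * len(s):
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best

def triage(raw_message):
    """Return a list of findings for one raw RFC 822 message (empty list = nothing seen)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings, body_text, risky_attachments = [], [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        content = part.get_content()
        if isinstance(content, bytes):
            content = content.decode("utf-8", "replace")
        elif not isinstance(content, str):
            continue                         # e.g. a nested message/rfc822 part
        if part.is_attachment():
            name = (part.get_filename() or "").lower()
            if name.endswith(RISKY_EXT):
                risky_attachments.append(name)
            if name.endswith((".html", ".htm")):
                if CRED_FORM.search(content):
                    findings.append(f"credential form in attachment {name}")
                if BLOB_JS.search(content):
                    findings.append(f"Blob URI construction in attachment {name}")
        else:
            if part.get_content_subtype() == "html":
                if BLOB_JS.search(content):
                    findings.append("Blob URI construction in HTML body")
                content = re.sub(r"<[^>]+>", " ", content)   # keep visible text only
            body_text.append(content)
    text = "\n".join(body_text)
    rows = text_qr_rows(text)
    if rows >= MIN_QR_ROWS:
        findings.append(f"text-drawn QR code ({rows} rows) in body")
    visible = len(re.sub(r"\s+", "", text))
    if risky_attachments and visible < MIN_BODY_CHARS:
        findings.append("near-empty body with attachment(s): " + ", ".join(risky_attachments))
    return findings

def _message(subject, body):
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "helpdesk@example.test", "user@example.test", subject
    m.set_content(body)
    return m

def sample_clean():
    """Constructed benign message."""
    return _message("Lunch", "Are you free at noon on Thursday? Let me know.").as_bytes()

def sample_attachment_phish():
    """Constructed sample: minimal body, credential form and Blob URI script in an HTML attachment."""
    m = _message("Action required", "See attached.")
    page = ("<html><body><script>var b=new Blob([atob('PGZvcm0+')],{type:'text/html'});"
            "location.href=URL.createObjectURL(b);</script>"
            "<form><input type='password' name='pw'></form></body></html>")
    m.add_attachment(page, subtype="html", filename="Document.html")
    return m.as_bytes()

def sample_text_qr():
    """Constructed sample: QR code drawn with block characters in the plain-text body."""
    rows = ["█▀▀▀▀▀█ ▄▀▄▀▄▀▄▀ █▀▀▀▀▀█", "█ ███ █ ▀▄▀▄▀▄▀▄ █ ███ █"] * 5
    return _message("New voicemail", "Scan the code to play your message:\n" + "\n".join(rows)).as_bytes()

if __name__ == "__main__":
    for build in (sample_clean, sample_attachment_phish, sample_text_qr):
        print(build.__name__, "->", triage(build()))
```

The three checks are deliberately cheap string and structure tests that run before any rendering or classifier: the point is that a detector reading only the body text sees nothing in the attachment case, and an image-based QR scanner sees nothing in the block-character case, so the attachment and the raw text must be inspected as well.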
Personalized extortion
During 2024 we observed millions of extortion attacks targeting customers. In November, we reported how these attacks have evolved to threaten customers using Google Street View and photographs to show their home and street. In 2025, we expect extortion attacks to become even more personalized and demand higher payments.
AI with everything
Attackers will increasingly leverage AI, legitimate sites, and redirects to make their phishing attacks look as genuine as possible. With the help of AI, attackers can create even more convincing phishing emails that look exactly like legitimate communications. These will include personalized content, precise grammar, and even human-like emotional appeals based on an analysis of the recipient’s social media and communication history.
Protection against evolving techniques
Phishing remains a powerful cyberthreat. It is relatively low-cost, low-skill, quick and easy to implement, and offers high potential success rates. Phishing techniques advanced significantly during 2024, and we expect cyberattackers to continue refining their methods to circumvent traditional security measures during 2025.
Our reports during 2024 show how phishing attacks are becoming more varied, opportunistic, and sophisticated. It is essential to have agile, innovative, multilayered defense strategies and foster a strong security culture to stay ahead of this ever-evolving threat.
Saravanan Mohankumar, Manager of Software Engineering (Threat Analyst) at Barracuda, also contributed to the research for this blog post.