Summary: Overview and evolution of phishing 2024–2025

The 2024–2025 period confirmed phishing as one of the main global cyberattack vectors. After a slight decline in 2024, attacks in 2025 once again exceeded one million per quarter, reaching more than 1,130,000 in the second quarter and consolidating this figure as the new benchmark.

Beyond volume, its impact is structural: 37% of global breaches begin with phishing or associated malware, maintaining it as a primary entry point in critical incidents.

In the financial sector, between 59% and 66% of ransomware and extortion cases begin with phishing campaigns, while pretexting and BEC account for between 24% and 25% of financial attacks, reinforcing their role as a common source of significant economic losses.

Evolution of attack volume

Data show a clear resurgence in growth during 2025. In 2024, 877,000 attacks were recorded in the second quarter and 989,000 in the fourth quarter, while in 2025 the figure consistently exceeded one million incidents per quarter.

This behavior confirms that approximately one million quarterly attacks are becoming the new global reference, placing phishing in a scenario of sustained high activity.

Phishing and artificial intelligence

Artificial intelligence has become a central element in the evolution of phishing. Current attacks include more realistic fraudulent websites, short-lived campaigns designed to evade detection systems, and the growing use of video and voice deepfakes.

AI-generated phishing content increased by 22% year-over-year. Additionally, approximately 15% of credential theft attacks now incorporate mechanisms resistant to multi-factor authentication, reflecting a significant increase in the technical sophistication of these campaigns.

Phishing-as-a-Service models and reduced technical barriers

The expansion of phishing-as-a-service and fraud-as-a-service models has significantly lowered the entry barrier for malicious actors. These schemes enable the deployment of complex campaigns without advanced technical knowledge, accelerating their impact.

This evolution has turned phishing into a highly scalable threat, capable of rapidly adapting to traditional defense mechanisms while maintaining a constant pace of innovation.

Notable frauds and growing typologies

Among the most relevant campaigns are investment scams such as “Nomani,” whose detections increased by 62% year-over-year, with more than 64,000 malicious URLs blocked in 2025.

At the same time, phishing has expanded beyond email. 19% of breaches are attributed to smishing and vishing, highlighting the diversification of channels used for impersonation and deception.

Phishing 2024–2025: Growth and increased sophistication

Although 2024 saw a temporary decline compared to the historical peaks of 2023, the trend clearly rebounded in 2025, surpassing one million quarterly attacks and reaching the highest levels since the previous year. This confirms that phishing does not follow isolated cycles, but rather a sustained pattern of growth and continuous adaptation.

The use of artificial intelligence, the expansion of phishing-as-a-service models, and the diversification of techniques such as deepfakes, smishing, and vishing have increased campaign sophistication. The 2024–2025 period demonstrates that phishing is no longer a temporary threat, but a structural risk that directly impacts credential security, operational continuity, and organizational financial stability.

Would you like to learn more?

At ESED, we have developed a detailed report on: Phishing Cyberattacks Summary 2025. It provides a comprehensive analysis with figures and specific defense strategies for businesses, covering the state of phishing cyberattacks both globally and in Spain.