Phishing Attacks Surge as AI and Deepfakes Fuel New Wave of Cybercrime


Phishing attacks are surging worldwide, with more than 142 million malicious link clicks blocked in just three months, according to new data. The findings, published in Kaspersky’s latest report, highlight how cybercriminals are using AI-driven deception and stealth tactics to target sensitive personal and business information.

Cybercriminals are now exploiting deepfakes, voice cloning and even legitimate platforms such as Telegram and Google Translate to steal sensitive data. Beyond passwords, attackers are targeting biometric information, electronic signatures and handwritten signatures, creating risks with potentially lasting consequences.

AI Transforming Phishing Attacks

Artificial intelligence is transforming phishing into a highly personalised and convincing attack. Using large language models, attackers create deceptive emails, messages, and websites that closely mimic legitimate sources, removing the grammatical errors that typically expose scams.

AI-powered bots on social media and messaging apps impersonate real users to engage victims in extended conversations, building trust and facilitating scams, including fraudulent romantic or investment schemes. These interactions often involve AI-generated audio messages or deepfake videos, making the deception harder to detect.

Moreover, attackers are leveraging AI-generated audio and video deepfakes to impersonate trusted individuals such as colleagues, celebrities, or bank officials. 

For example, AI-driven automated calls can imitate bank security teams and trick victims into revealing two-factor authentication codes, leading to account breaches or fraudulent transactions. 

AI tools also analyse publicly available data from social media and corporate websites to tailor highly targeted attacks, such as fake HR emails or calls containing personal details.

New Methods of Evasion

Phishers are utilising legitimate online tools to bypass detection. Telegram’s Telegraph platform, designed for publishing text, has been repurposed to host malicious content. Google Translate’s URL structure is also being abused, producing links that resemble authentic addresses while masking phishing pages.
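For mail and web filters, the practical consequence is that the visible hostname is not the site being served. The following sketch is an added example, not taken from the Kaspersky report: it recovers the wrapped site from a Google Translate link and flags Telegraph-hosted pages for review. The `translate.goog` hostname encoding (dots written as `-`, literal hyphens as `--`), the legacy `u=` parameter and the sample URLs are assumptions or constructed values.

```python
from urllib.parse import urlsplit, parse_qs

TELEGRAPH_HOSTS = {"telegra.ph"}        # Telegram's Telegraph publishing platform
TRANSLATE_SUFFIX = ".translate.goog"    # Google Translate proxy hostnames


def unwrap_translate(url):
    """Return the host hidden behind a Google Translate link, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.endswith(TRANSLATE_SUFFIX):
        label = host[: -len(TRANSLATE_SUFFIX)]
        # Assumed encoding: "." -> "-" and "-" -> "--". Best effort only;
        # internationalised names are not handled here.
        pieces = label.replace("--", "\0").split("-")
        return ".".join(p.replace("\0", "-") for p in pieces)
    if host == "translate.google.com" and parts.path.startswith("/translate"):
        # Legacy form carries the wrapped page in the "u" query parameter.
        target = parse_qs(parts.query).get("u", [None])[0]
        if target:
            if "://" not in target:
                target = "//" + target
            return (urlsplit(target).hostname or "").lower() or None
    return None


def classify(url):
    """Return (effective_host, reason); reason is None for ordinary links."""
    hidden = unwrap_translate(url)
    if hidden:
        # Reputation checks should run against the hidden host, not Google's.
        return hidden, "google-translate-wrapper"
    host = (urlsplit(url).hostname or "").lower()
    if host in TELEGRAPH_HOSTS:
        return host, "telegraph-hosted"
    return host, None


if __name__ == "__main__":
    # Constructed sample links using reserved example domains.
    for link in (
        "https://login--portal-example.translate.goog/verify",
        "https://translate.google.com/translate?sl=auto&tl=en&u=https://portal.example/login",
        "https://telegra.ph/Constructed-Page-01-01",
        "https://www.example.org/",
    ):
        print(link, "->", classify(link))
```

A filter built this way should pass the recovered host, rather than the Google hostname, to its reputation and allow-list checks.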

Some phishing sites now integrate CAPTCHA challenges — a technique more commonly associated with trusted platforms — before revealing the malicious content. This tactic helps fraudulent pages slip past automated security filters, which may be less likely to flag sites containing CAPTCHA.

New Focus of Phishing

The focus of phishing attacks is also shifting. Cybercriminals are moving from stealing passwords to targeting personal data that cannot be changed, such as biometrics and signatures. 

Fraudulent websites trick users into granting camera access under false pretences. This allows attackers to capture facial biometric data, which cannot be altered if stolen.

The stolen data can be used to access accounts without authorisation or sold on the dark web. Electronic and handwritten signatures are also at risk. Attackers impersonate platforms like DocuSign or ask users to upload signatures to fake services. These tactics create serious reputational and financial risks for organisations.

Warnings and Advice for the Future

Olga Altukhova, security expert at Kaspersky, emphasises the gravity of this evolution: “The convergence of AI and evasive tactics has turned phishing into a near-native mimic of legitimate communication, challenging even the most vigilant users. Attackers are no longer satisfied with stealing passwords—they’re targeting biometric data, electronic and handwritten signatures, potentially creating devastating, long-term consequences. By exploiting trusted platforms like Telegram and Google Translate, and co-opting tools like CAPTCHA, attackers are outpacing traditional defenses. Users must stay increasingly sceptical and proactive to avoid falling victim.”

Earlier in 2025, Kaspersky uncovered a sophisticated phishing campaign termed Operation ForumTroll. This operation targeted media, educational, and government organisations in Russia by sending personalised emails inviting recipients to the “Primakov Readings” forum. 

Victims who clicked the link were compromised via a zero-day vulnerability in the latest version of Google Chrome, with no further action required. The malicious links were short-lived, frequently redirecting to the legitimate website after the exploit was neutralised, making detection difficult.
