SiliconANGLE reports that analysis showed phishing-as-a-service kits were used in 90% of high-volume phishing campaigns in 2025 as attacks became more sophisticated and harder to detect.Barracuda Networks' Threat Spotlight: How phishing kits evolved in 2025 report found that the number of known phishing kits doubled during the year, making it easier for less-skilled attackers to launch campaigns while increasing technical complexity overall. Common phishing themes remained largely unchanged, including payment fraud, voicemail scams, and document-related lures, but the realism of attacks improved significantly.Attackers increasingly relied on generative artificial intelligence to closely copy the tone, branding, and writing style of legitimate services such as Docusign and Microsoft. QR codes were often used to shift victims from desktop systems to less-protected mobile devices.Advanced methods were widespread, with multifactor authentication bypass and URL obfuscation seen in 48% of campaigns and CAPTCHA abuse in 43%. Malicious QR codes also appeared in almost one-fifth of attacks. New phishing kits entered the market while established tools like Mamba 2FA remained heavily used.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds