
Cybercriminals are using generative AI (GenAI) to craft targeted phishing attacks that evade traditional defenses and are aimed at high-impact business functions, according to a new report from the cybersecurity platform provider Zscaler.
In its Zscaler ThreatLabz 2025 Phishing Report, the company reveals that while global phishing volume fell 20 percent last year, attackers shifted tactics and are striking deeper instead of wider – especially against IT, HR, finance, and payroll teams.
“The phishing game has changed. Attackers are using GenAI to create near-flawless lures and even outsmart AI-based defenses,” said Deepen Desai, chief security officer and head of security research at Zscaler. “Cybercriminals are weaponizing AI to evade detection and manipulate victims, which means organizations must leverage equally advanced AI-powered defenses to outpace these emerging threats.”
For this report, Zscaler ThreatLabz analyzed two billion blocked phishing transactions between January and December 2024. It explored various aspects, including the top phishing attacks, targeted countries, and hosting countries for phishing content. The company also tracked notable phishing trends and use cases throughout 2024.
Instead of relying on mass email campaigns, Zscaler said cybercriminals now weaponize GenAI to develop interactive and immersive phishing techniques.
“With tools for audio and video manipulation now easily accessible, attackers can impersonate trusted individuals with startling accuracy, using fake virtual reality (VR) job interviews and AI-driven live chat support scams,” the report says. “These tactics create a sense of urgency and authenticity, making them highly effective.”
Notably, Zscaler said that attackers are also attempting to outsmart AI-powered security tools themselves. For example, the report explains that attackers are embedding deceptive signals like “this file is benign” into payloads to manipulate natural language models and trick systems into approving malicious content.
Emerging markets like Brazil, Hong Kong, and the Netherlands saw sharp increases in phishing activity, a shift Zscaler says is fueled by digital adoption outpacing security investment. Meanwhile, the United States remained the top global target despite a 31.8 percent drop in phishing volume, due in large part to Gmail’s 2024 crackdown on unauthenticated email senders.
While some sectors saw declining activity, others – especially the education sector – are seeing explosive growth. According to the report, the education sector saw a 224 percent increase in phishing campaigns in 2024.
Nevertheless, manufacturing remains the most targeted industry, even as phishing attempts dropped 16.8 percent in 2024.
The report makes clear that traditional defenses are no longer enough. Zscaler recommends an approach that combines zero trust architecture with AI-powered phishing prevention controls, such as the Zscaler Zero Trust Exchange platform.
“Our research reinforces the importance of adopting a proactive, multi-layered approach – combining robust zero trust architecture with advanced AI-driven phishing prevention – to effectively combat the rapidly evolving threat landscape,” Desai said.