Kaspersky says phishing has entered a dangerous new phase as cybercriminals weaponise artificial intelligence to deceive even the most vigilant users, driving a record 142 million blocked phishing link clicks in the second quarter of 2025, a 3.3 per cent increase from the first quarter.
The cybersecurity firm warns that AI-powered deception is fuelling a shift in tactics, with attackers exploiting deepfakes, voice cloning, and trusted platforms to target not just passwords, but biometric and signature data.
According to Kaspersky’s latest report, five AI-driven tactics are behind this surge:
1. Personalised AI-generated scams
Large language models are enabling attackers to craft flawless, convincing emails, websites and messages that mimic legitimate sources. Gone are the spelling and grammar errors that once exposed scams. AI-driven bots now impersonate real users on social media and messaging apps, engaging victims in long, trust-building conversations to lure them into romantic or investment scams.
2. Deepfake and voice cloning impersonations
Cybercriminals are using realistic audio and video deepfakes to impersonate colleagues, celebrities, or even bank officials. Automated calls with AI-generated voices trick targets into sharing two-factor authentication (2FA) codes, granting attackers access to accounts and enabling fraudulent transactions.
3. Exploiting trusted platforms for delivery
Attackers are hiding in plain sight by using legitimate services such as Telegram’s Telegraph tool to host phishing content, and Google Translate’s link format to bypass security filters. These tactics make malicious links appear credible to both victims and automated defences.
4. CAPTCHA as a cloaking device
Phishing sites are increasingly deploying CAPTCHA, a tool usually associated with trustworthy platforms, to throw off anti-phishing algorithms. By placing CAPTCHA before the malicious content, attackers lower the chance of their sites being flagged and blocked.
5. Targeting biometrics and signatures
A significant shift is underway from stealing passwords to harvesting immutable data such as facial biometrics, electronic signatures and handwritten signatures. Fraudulent sites request camera access under the guise of account verification, capturing biometric identifiers that can’t be changed. Signatures are stolen through fake document-signing platforms, creating serious reputational and financial risks for businesses.
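As an added illustration of tactic 3 from a defender's side (this code is not from Kaspersky's report), the sketch below unwraps Google Translate proxy links and marks Telegraph-hosted pages so a mail or web filter can evaluate the real destination. The `translate.goog` host encoding, the `u` query parameter, the `telegra.ph` domain, and the function names are assumptions of this example, and the sample URLs in the test are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions of this example, not details given in the article.
TELEGRAPH_HOSTS = {"telegra.ph"}        # Telegraph's public hosting domain
TRANSLATE_SUFFIX = ".translate.goog"    # suffix of Google Translate proxy hosts


def _decode_translate_host(host):
    """Reverse the proxy host encoding: '-' stands for '.', '--' for a literal '-'."""
    label = host[: -len(TRANSLATE_SUFFIX)]
    return label.replace("--", "\0").replace("-", ".").replace("\0", "-")


def unwrap_translate(url):
    """Return the URL hidden behind a Google Translate link, or None if not wrapped."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.endswith(TRANSLATE_SUFFIX):
        # Drop the translator's own _x_tr_* parameters, keep the page's parameters.
        kept = [p for p in parts.query.split("&") if p and not p.startswith("_x_tr_")]
        query = "?" + "&".join(kept) if kept else ""
        return f"{parts.scheme}://{_decode_translate_host(host)}{parts.path}{query}"
    if host == "translate.google.com" and parts.path.startswith("/translate"):
        # Older link form carries the destination in the 'u' parameter.
        return parse_qs(parts.query).get("u", [None])[0]
    return None


def inspect_link(url, max_depth=3):
    """Resolve nested wrappers and report which trusted platforms were involved."""
    flags = []
    for _ in range(max_depth):
        inner = unwrap_translate(url)
        if inner is None:
            break
        if "google-translate-proxy" not in flags:
            flags.append("google-translate-proxy")
        url = inner
    host = (urlsplit(url).hostname or "").lower()
    if host in TELEGRAPH_HOSTS:
        flags.append("telegraph-hosted")
    return {"effective_url": url, "effective_host": host, "flags": flags}
```

A flag here means the link deserves reputation checks against its effective host rather than against the trusted wrapper domain; it is not a verdict on its own.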
“The convergence of AI and evasive tactics has turned phishing into a near-native mimic of legitimate communication, challenging even the most vigilant users. Attackers are no longer satisfied with stealing passwords; they are targeting biometric data, electronic and handwritten signatures, potentially creating devastating, long-term consequences,” said Olga Altukhova, a security expert at Kaspersky.
The report also warns of sophisticated, short-lived campaigns such as “Operation ForumTroll” earlier in 2025, in which targeted phishing emails impersonating the “Primakov Readings” forum exploited a zero-day Chrome vulnerability. Once the exploit was neutralised, the malicious links redirected victims to the legitimate event site, erasing traces of the attack.
Kaspersky’s advice for staying safe includes verifying unsolicited messages and links, refusing camera access to unverified sites, avoiding signature uploads to unknown platforms, and limiting personal information shared online. The company recommends its Kaspersky Next and Kaspersky Premium solutions for corporate and individual protection.


