Kaspersky has warned that artificial intelligence is accelerating phishing. In its latest report, the firm said it blocked over 142 million phishing link clicks worldwide in the second quarter of 2025. That is a 3.3% global rise and a 25.7% jump in Africa from the previous quarter.
Phishing has moved beyond crude emails with errors. Criminals now use large language models to craft convincing messages, websites, and human-like bots that hold long chats with victims. These bots, common on social media and messaging apps, drive romance scams, fake investments, and bogus promotions, often backed by AI-generated audio or deepfake videos.
Attackers also use AI to impersonate colleagues, celebrities, and bank staff in realistic calls and videos. Some run fake bank security calls with cloned voices to steal two-factor authentication codes and take over accounts. They mine public data from social media and company sites to tailor HR-themed emails and calls that cite real personal or work details.
To dodge detection, scammers abuse legitimate platforms. Telegram’s Telegraph service hosts phishing pages. Google Translate URLs are manipulated to mask bad links as translation pages. Some phishing sites even add CAPTCHA to mimic trusted security checks and evade filters.
Targets are also shifting. Stolen logins still matter, but criminals now want biometric data and signatures, which are hard or impossible to change once exposed. Fraud sites ask for camera access for “verification” to capture faces and other biometrics. Campaigns posing as digital signing tools like DocuSign trick users into uploading electronic or handwritten signatures. Criminals can use both to access sensitive accounts or sell them on underground markets, creating long-term risk.
“The convergence of AI and evasive tactics has turned phishing into a near-native mimic of legitimate communication, challenging even the most vigilant users,” said Olga Altukhova, a Kaspersky security expert. “Attackers are no longer satisfied with stealing passwords — they’re targeting biometric data, electronic and handwritten signatures, potentially creating devastating, long-term consequences. By exploiting trusted platforms like Telegram and Google Translate, and co-opting tools like CAPTCHA, attackers are outpacing traditional defences.”
The report also cites Operation ForumTroll in early 2025. Attackers invited media, government, and academic bodies to the “Primakov Readings” via personalised emails. Clicking the links triggered an exploit for a then-unknown Google Chrome flaw. To avoid detection, the links worked only briefly before redirecting to the real conference site.
Kaspersky urges users to verify unexpected messages, calls, and requests, be cautious with camera permissions, and avoid uploading signatures to unverified platforms. It also recommends Kaspersky Next for businesses and Kaspersky Premium for individuals.
