Online fraud packages doubled in 2025 — cyber threats grow more sophisticated

The number of known phishing-as-a-service kits (PhaaS) doubled in 2025, increasing pressure on security teams trying to defend against ever more sophisticated attacks. This is the finding of Barracuda’s annual phishing review for 2025.

New phishing kits such as Whisper 2FA and GhostFrame introduced innovative, hard-to-detect techniques, including methods designed to complicate malware analysis. At the same time, established tools like Mamba and Tycoon continued to evolve and flourish. Each kit was responsible for millions of attacks worldwide.

The most common techniques observed in phishing kits during 2025 included:

Bypassing multi-factor authentication — used in 48 percent of attacks
URL obfuscation — 48 percent
Abuse of CAPTCHA to evade detection — 43 percent
Polymorphic techniques and malicious QR codes — each roughly 20 percent
Malicious attachments — 18 percent
Abuse of trusted online platforms and the use of generative AI — each 10 percent

The themes used in phishing campaigns were largely the same as in previous years, but many were refined using generative AI. In 2025 nearly one in five (19 percent) phishing emails involved payment and invoice fraud. Digital signature and document review themes accounted for 18 percent, while HR-related documents appeared in 13 percent of incidents. Many attacks leveraged well-known brands, imitating websites and logos with increasing precision.

nätfiske – Antalet nätfiskepaket fördubblades under 2025 – hoten blir mer sofistikerade | IT-Branschen

“Phishing kits advanced further in 2025, both in number and sophistication. They function as full attack platforms that enable even less experienced cybercriminals to launch powerful, large-scale attacks,” says Ashok Sakthivel, Director of Software Engineering at Barracuda.

“To defend against these threats, organizations must move away from static defenses and adopt layered strategies: user training, phishing-resistant MFA, and continuous monitoring. Email security must be a central element of an integrated, comprehensive security strategy,” Sakthivel concludes.

Read more about phishing trends and developments in 2025 on Barracuda’s blog

phishing kits 2025 phishing-as-a-service PhaaS phishing kit advanced phishing AI phishing MFA bypass email security cyber threats phishing statistics cybersecurity analysis Barracuda phishing report 2025 email threat landscape phishing research threat analysis global report Nordic companies European IT market Whisper 2FA GhostFrame Mamba Tycoon QR code attacks polymorphic malware CAPTCHA abuse URL obfuscation malicious attachments trusted cloud platforms generative AI payment fraud invoice fraud digital signatures document review HR documents brand impersonation fake websites logo imitation social engineering email fraud vendor email security cloud security cyber resilience threat detection SOC security platform enterprise security SaaS managed security MSSP