Zywave FPN

Zywave Professional Front Page News - Thursday, May 22, 2025

   
Phishing attempts increase, with over 80% using AI to trick users: KnowBe4


By Erin Ayers, Front Page News

Phishing emails increased 17.3% over the last six months, with the percentage of emails using artificial intelligence (AI) rising over 50% to 82.6% and a 47% rise in the number of emails that successfully evaded detection, according to a recent report from KnowBe4.

According to the firm’s Phishing Threat Trends 2025 report, threat actors have achieved a 22.6% increase in ransomware deployments via phishing emails since Sept. 15, 2024. KnowBe4 warned of a new stage of ransomware.

“This trend is accelerating: between November 1, 2024, and February 15, 2025, there was a 57.5% increase compared to the previous three months,” said KnowBe4 in the report, adding, “With a rise in both ransomware-as-a-service and GenAI lowering the barrier to entry to cybercrime, we’re standing on the edge of another key moment. One that will see an increase in the volume and sophistication of ransomware attacks.”

Additionally, nearly 60% of phishing attempts were sent from compromised emails and the most commonly used words to trick recipients were “urgent,” “review,” and “sign.”

KnowBe4 reported that AI-powered polymorphic phishing “is changing the threat landscape for good.” Polymorphic phishing refers to campaigns with a series of nearly identical emails that aim to trick systems that look for “known bad” senders and can be harder for traditional email security tech to detect. This type of phishing increased steadily each month in 2024, rising to 74.3% of phishing emails by December.

On a positive note, KnowBe4 also saw an improvement in the percentage of employees susceptible to phishing attempts or social engineering post-security awareness training. In an analysis of over 67 million phishing simulations for 14.5 million users, the research indicated a 40% drop from a baseline percentage of 33.1% after three months of training and 86% after 12 months.

KnowBe4 identified healthcare/pharmaceuticals, insurance, and retail/wholesale as the industries with the highest percentage of employees prone to phishing, all above the average at 41.9%, 39.2%, and 36.5% respectively.

Larger organizations tended to have higher phishing-prone percentages, at 40.5% compared to 24.6% for organizations with fewer than 250 employees.

“Ongoing, effective training leads to lasting behavior change and a substantial reduction in vulnerability to cybersecurity threats,” KnowBe4 said in a statement. “This highlights the critical role of continuous education in building a stronger security culture within organizations, even in as little as three months.”
