Resource Library

Phishing is evolving fast—and it’s getting personal. In 2024, the cyberthreat landscape saw a dramatic shift as attackers moved away from mass email campaigns and toward hyper-targeted social engineering tactics like vishing (voice phishing) and smishing (SMS phishing). While global phishing volume declined, the quality, precision, and psychological manipulation behind attacks reached new heights.

This strategic pivot is fueled by better defenses but also by a new offensive playbook. Today’s threat actors are adapting faster than ever, using generative AI to craft flawless phishing lures and realistic decoys. And in a new twist, they’re also attempting to outsmart AI-powered security tools themselves.

From fake AI platforms and crypto exchanges to job and tech support scams, attackers are expanding their playbook. The Zscaler ThreatLabz 2025 Phishing Report offers a front-row view of these emerging threats—along with best practices to help organizations detect, defend, and outmaneuver the next generation of phishing attacks.