• by Ray Schultz , Columnist, April 15, 2025

AI may be creeping in as an email marketing tool, but there is one area where it absolutely excels: Phishing. 

Of phishing emails sent from September 15, 2004 to February 15, 2025, 82.6% exhibited some use of AI, a 53.5% increase YoY, according to KnowBe4’s Phishing Threat Trends Report. 

Moreover, 92% of polymorphic attacks used AI to achieve unprecedented scale. 

What is a polymorphic attack? “Polymorphic phishing campaigns consist of a series of almost identical emails which only differ by a small detail,” the study states. “These slightly altered attacks can be difficult to detect by systems that look out for ‘known bad’ (blocklisting of known fraudulent addresses and payloads).”

This is happening amidst a 17.3% increase in phishing emails over the prior six months.

"As ever, innovation in phishing threats and defenses is accelerating rapidly," says Jack Chapman, senior vice president of threat intelligence at KnowBe4. "In this report, we have observed cybercriminals evolving their tactics, leveraging ransomware and polymorphic campaigns with new strategies to evade detection by both traditional and advanced technologies.”

The study lists these legitimate platforms as the top five used to send phishing emails: DocuSign, Paypal, Microsoft, Google Drive, and Salesforce. The most impersonated brands include Microsoft, Docusign, Adobe, Paypal, and LinkedIn.

At the same time, the study reports a 22.6% increase in ransomware payloads. Phishing hyperlinks jumped by 36.8%, malware by 20%, and social engineering tactics by 14.2% over the prior six months.

Moreover there has been a 57.9% increase in attacks being sent from compromised accounts getting through traditional detection, the study adds -- as well as 64% of attacks related to hiring focused on engineering roles.

The answer? Chapman concludes that a “strong security culture starts with detection but is reinforced by awareness, continuous education, and adaptive technology."