After peaking at over two billion hits in 2023, phishing volume declined for a second straight year, dropping nearly 20 percent year over year in 2024 and 2025.
But this doesn’t mean the end of phishing – a cyberattack that uses fraudulent emails, text messages and phone calls or websites to trick people into sharing their personal and sensitive data, like credit card numbers and passwords.
Experts believe the decline in phishing in the past year was actually a recalibration of sorts amid stronger email controls, identity defenses, and platform-level enforcement disrupt large-scale delivery.
Adversaries are continuing to shift toward fewer, more targeted lures that blend into real business workflows, especially in hightrust sectors like Services (up 65.5 percent YoY) and Government (up 50 percent YoY).
AI as a Catalyst
AI is fueling this next phase of phishing, helping attackers industrialize highly convincing campaigns that look and feel like legitimate business interactions. In 2025, 87 percent of malicious activity blocked by Zscaler, a leading cloud enterprise security provider, was delivered over encrypted channels, meaning credential theft and session abuse often blend into normal-looking web traffic.
Without TLS/SSL inspection and inline controls, security teams lose visibility into the phishing infrastructure and the actions that follow the click – not just the email that started it.
According to ThreatLabz 2026 Phishing and Initial Access Report, AI site builders are accelerating phishing at scale. An estimated 413,524 AI-generated site instances, and 37,447 was flagged as malicious.
Unattributed builders drove the highest risk – 16.48 percent malicious rate, enabling rapid, high-fidelity phishing sites, fake apps, and Potentially Unwanted Applications (PUAs)/Progressive Web Applications (PWA) lures.
Large-scale, spray-and-pray campaigns are being disrupted by stronger email controls, identity protections, and platform-level enforcement, making it harder to deliver phishing at scale.
AI is the catalyst for that shift, helping adversaries get more impact out of fewer attempts by improving the quality, speed, and adaptability of modern phishing operations.
Also Read: Optimal Transit Introduces Kraaken – World’s First Self-Powered Maritime AI Infra
The report highlighted the service industry as the new phishing jackpot, surging 65.5 percent year over year, growing from 330.9 million to 547.7 million hits. Hackers are exploiting routine trust in billing, renewals and support workflows.
Moreover, 95.2 percent of phishing activity was delivered over encrypted channels.
Rise and Fall in Phishing
The United States continues to absorb the largest share of targeted phishing activity, but volume declined 13.35 percent year over year from 773.4 million hits in 2024. The decline reflects coordinated disruption rather than reduced attacker interest.
Google launched a legal and technical operation in November 2025 against the Lighthouse phishing-as-a-service network, dismantling infrastructure that had powered millions of scam messages across more than 200,000 phishing sites.
This went beyond domain seizure to include server shutdowns and disruption of attacker-controlled distribution channels. Major markets followed similar trajectories, each declining roughly one-third year over year: India (-33.43 percent), Germany (-32.73 percent), the United Kingdom (-33.23 percent), and Australia (-33.28 percent). In Australia, high-profile breaches earlier in the year triggered a nationwide reset in cybersecurity posture.
In Europe, the contraction was even more pronounced. Spain saw phishing activity drop 52.79 percent, from 41.6 million to 19.7 million, driven by accelerated government and enterprise response following a wave of public sector and infrastructure incidents. These catalysed faster detection, stronger identity controls, and hardened email security – effectively compressing the phishing attack lifecycle.