AI-Driven Phishing and BEC Threats Surge as Cybercriminals Weaponize Generative AI, Mimecast Warns
Key Points
- Generative AI is being used to create highly convincing phishing and BEC attacks.
- Phishing now accounts for 77% of all recorded cyber attacks.
- ClickFix threats have increased fivefold, making up about 8% of incidents in early 2025.
- Trusted tools such as DocuSign, Salesforce and Adobe Pay are repeatedly abused by threat actors.
- Scattered Spider is linked to over 900,000 detections across multiple campaigns.
- Mimecast recommends MFA, AI‑driven email anomaly detection, and layered security training.
- Continuous updates to systems and policies are essential to counter evolving AI threats.
A new Mimecast report finds that cybercriminals are increasingly leveraging generative artificial intelligence to create more convincing phishing, business email compromise (BEC) and multichannel deception campaigns. Phishing now accounts for 77% of attacks, while ClickFix threats have risen fivefold and represent roughly 8% of incidents in the first half of 2025. The report highlights abuse of trusted tools such as DocuSign and Salesforce, and cites the Scattered Spider group as linked to over 900,000 detections. Mimecast recommends multi‑factor authentication, advanced email defenses with anomaly detection, and layered security training to counter the rising AI‑powered threat landscape.
Generative AI Amplifies Cyber Threats
Mimecast’s latest threat intelligence report, compiled from internal systems, analyst insights and open‑source data, reveals a marked escalation in the use of generative artificial intelligence (GenAI) by threat actors. Cybercriminals are employing AI to craft highly persuasive phishing lures, automate business email compromise (BEC) scams and orchestrate multichannel deception campaigns that blend email, voice and synthetic media.
Phishing Dominates the Attack Landscape
According to the report, phishing now represents 77% of all recorded attacks, a significant increase from the previous year. AI‑generated content enables attackers to mimic vendors, executives and coworkers with unprecedented realism, producing entire email threads, synthetic voices and realistic audio messages that can evade traditional detection mechanisms.
Rise of ClickFix and BEC Scams
ClickFix attacks have surged fivefold year‑on‑year, accounting for roughly 8% of incidents in the first six months of 2025. The report also documents a sharp rise in BEC scams, including a global invoice fraud campaign where AI‑generated messages urged recipients to approve payments. Trusted services such as DocuSign, Salesforce and Adobe Pay are repeatedly abused, while legitimate CAPTCHA services are repurposed to conceal phishing operations.
Notable Threat Actors
The Scattered Spider group is highlighted as a prolific actor, being linked to more than 900,000 detections across multiple campaigns. Targets span financial institutions, regulators, city governments and other public and private entities, reflecting a broadening of the attacker profile to include profit‑motivated ransomware groups and state‑backed actors.
Expert Commentary
Ranjan Singh, Mimecast’s Chief Product & Technology Officer, described the trend as “a clear evolution in attacker behavior,” emphasizing the exponential rise of AI‑driven threats across sectors.
Mitigation Recommendations
Mimecast urges organizations to adopt a layered defense strategy. Core recommendations include implementing multi‑factor authentication (MFA), deploying advanced email security solutions that leverage anomaly detection and AI models, and maintaining continuous system and policy updates. Employee awareness programs, regular phishing simulations and comprehensive security frameworks—covering endpoint protection, network monitoring and trusted‑service abuse checks—are also advocated to reduce exposure to AI‑enhanced attacks.