Phishing Research
Research Hub
- AI & LLM Security Research
- SaaS Risk & Shadow IT Research
- Original Research & Reports
- AI & Cybersecurity Policy Tracker
- Cyber & AI Market Intelligence
- AI Model Benchmark Lab
- Security & AI Glossary
- Breach & Incident Timeline
- Ransomware Research
- » Phishing Research
- Supply Chain Attack Research
- Social Engineering Research
- Nation-State Threat Research
- Malware Analysis Research
- Cyber Insights Library
Contact Us
Independent cybersecurity and AI research — free to browse, updated as the threat landscape moves, with no vendor sponsorship influencing the coverage.
Phishing Statistics, Techniques, and AI-Driven Trends
Phishing remains involved in the large majority of reported security incidents, and it continues to evolve faster than most organisations’ training programmes can keep pace with. The technique itself is simple: trick a person into clicking a malicious link, opening a malicious attachment, or handing over credentials by impersonating someone or something they trust. What has changed is the sophistication of the impersonation, not the underlying mechanism.
This page covers how phishing is categorised, what current loss data shows, and how AI and adversary-in-the-middle techniques have changed the threat in the past two years.
Types of Phishing and Why AI Changed the Game
Phishing is a category, not a single technique. Mass phishing sends generic messages to large numbers of recipients, relying on volume. Spear phishing targets specific individuals using research about that person or organisation, and achieves significantly higher success rates as a direct result. Whaling is spear phishing aimed specifically at senior executives.
Generative AI has narrowed the quality gap between targeted spear phishing and cheap, mass-produced attacks. Verizon collaborated directly with Anthropic’s Safeguards Team for the 2026 DBIR, analysing 793 threat actors flagged for AI misuse. The median actor used AI across 15 distinct MITRE ATT&CK techniques. Of AI-assisted initial access specifically, 44% mapped to phishing and 32% to vulnerability exploitation. The finding: AI is a force multiplier on known methods, not a fundamentally new attack surface.
Source: Verizon 2026 Data Breach Investigations Report, conducted in collaboration with the Anthropic Safeguards Team.
- Phishing losses grew 208% year-over-year to $215.8M in 2025 despite flat complaint volume (FBI IC3)
- Mobile-based phishing simulations show 40% higher engagement than email simulations (Verizon 2026 DBIR)
- Median AI-assisted threat actor used AI across 15 distinct MITRE ATT&CK techniques
- 44% of AI-assisted initial access mapped to phishing specifically
- Adversary-in-the-middle (AiTM) phishing steals session cookies and MFA tokens directly
- Named PhaaS platforms: Tycoon 2FA, FlowerStorm, Darcula — lower the technical bar for AiTM at scale
- Vishing (voice phishing) using cloned audio is now a documented enterprise threat vector
- Verizon-Anthropic joint analysis covered March 2025 to February 2026 threat actor activity
Adversary-in-the-Middle Phishing and Phishing-as-a-Service
Adversary-in-the-middle (AiTM) phishing is a technical evolution that defeats standard multi-factor authentication. Rather than just stealing a password, an AiTM proxy sits between the victim and the legitimate login page in real time, capturing the session cookie and authentication token generated after the victim completes MFA. The attacker then replays that session, fully authenticated, without ever needing the original password again.
This technique has been industrialised through named phishing-as-a-service platforms including Tycoon 2FA, FlowerStorm, and Darcula, which package AiTM capability into a rentable kit and significantly lower the technical skill required to run this style of attack at scale.
Beyond email, vishing (voice phishing) and smishing (SMS phishing) extend the same social engineering logic to phone calls and text messages — see our dedicated Social Engineering Research page for the human-manipulation side of these attacks in depth.
Phishing is a social engineering technique where an attacker impersonates a trusted person, brand, or system to trick a victim into clicking a malicious link, opening a malicious attachment, or disclosing credentials. It is typically delivered by email but increasingly also by text message and phone call.
Phishing is broad-based, sending generic messages to large numbers of recipients. Spear phishing targets specific individuals with messages tailored using research about that person or their organisation, achieving significantly higher success rates as a result.
Generative AI drafts grammatically flawless, contextually appropriate phishing content at near-zero cost, narrowing the quality gap between mass phishing and targeted spear phishing. A Verizon-Anthropic joint 2026 analysis found 44% of AI-assisted initial access mapped specifically to phishing.
AiTM phishing uses a real-time proxy positioned between the victim and a legitimate login page to capture the session cookie and authentication token generated after MFA completes, letting the attacker reuse an already-authenticated session without needing the original password.
Verizon's 2026 DBIR found mobile-based phishing simulations produced 40% higher engagement rates than email simulations. Security awareness training has historically focused on spotting suspicious emails, leaving text messages and phone calls comparatively unprotected.