2025 Phishing Trends: Omni-Channel Attacks, PhaaS Dominance, and Bypassing Phishing-Resistant Authentication
Summary
Hide ▲
Show ▼
In 2025, phishing attacks evolved significantly, becoming more sophisticated and widespread across multiple channels. Attackers increasingly targeted non-email vectors such as LinkedIn DMs and Google Search, leveraging Phishing-as-a-Service (PhaaS) kits to bypass MFA and other security controls. The year saw a rise in techniques like consent phishing, device code phishing, and ClickFix, which allowed attackers to circumvent traditional authentication methods. These trends highlight the need for security teams to adapt their strategies to address the evolving threat landscape.
Timeline
-
15.12.2025 17:05 1 articles · 2h ago
2025 Phishing Trends: Omni-Channel Attacks and Bypassing MFA
In 2025, phishing attacks became more sophisticated and widespread, targeting non-email channels such as LinkedIn DMs and Google Search. Attackers used PhaaS kits to bypass MFA and other security controls, employing techniques like consent phishing, device code phishing, and ClickFix. These trends highlight the need for security teams to adapt their strategies to address the evolving threat landscape.
Show sources
- 2025’s Top Phishing Trends and What They Mean for Your Security Strategy — www.bleepingcomputer.com — 15.12.2025 17:05
Information Snippets
-
Approximately 1 in 3 phishing attacks in 2025 were delivered outside of email.
First reported: 15.12.2025 17:051 source, 1 articleShow sources
- 2025’s Top Phishing Trends and What They Mean for Your Security Strategy — www.bleepingcomputer.com — 15.12.2025 17:05
-
LinkedIn DMs and Google Search were among the top non-email channels used for phishing campaigns.
First reported: 15.12.2025 17:051 source, 1 articleShow sources
- 2025’s Top Phishing Trends and What They Mean for Your Security Strategy — www.bleepingcomputer.com — 15.12.2025 17:05
-
PhaaS kits like Tycoon, NakedPages, and Sneaky2FA are widely used to facilitate sophisticated phishing attacks.
First reported: 15.12.2025 17:051 source, 1 articleShow sources
- 2025’s Top Phishing Trends and What They Mean for Your Security Strategy — www.bleepingcomputer.com — 15.12.2025 17:05
-
Attackers are using techniques such as consent phishing, device code phishing, and ClickFix to bypass phishing-resistant authentication methods.
First reported: 15.12.2025 17:051 source, 1 articleShow sources
- 2025’s Top Phishing Trends and What They Mean for Your Security Strategy — www.bleepingcomputer.com — 15.12.2025 17:05
-
Detection evasion methods such as bot protection, extensive redirect chains, and multi-stage page loading are commonly employed by attackers.
First reported: 15.12.2025 17:051 source, 1 articleShow sources
- 2025’s Top Phishing Trends and What They Mean for Your Security Strategy — www.bleepingcomputer.com — 15.12.2025 17:05