Email Security Under Pressure: Phishing Kits to Double in 2025

According to Barracuda’s Phishing Report 2025 , the number of phishing-as-a-service (PhaaS) kits is expected to double by 2025, placing increasing pressure on security teams to combat an increasingly evolving threat.

New malicious actors, such as Whisper 2FA and GhostFrame, have introduced particularly ingenious and evasive tools and tactics, including several techniques designed to hinder analysis of malicious code. At the same time, established groups such as Mamba and Tycoon have continued to evolve and operate successfully. Each of these kits has been responsible for millions of attacks.

Barracuda’s analysis highlights that in 2025 the most commonly used techniques in phishing kits were:

• bypassing multi-factor authentication, present in 48% of attacks;
• URL obfuscation, also detected in 48% of cases;
• CAPTCHA abuse for evasion purposes, used in 43% of attacks;
• polymorphic techniques and the use of malicious QR codes, found in approximately 20% of attacks;
• the abuse of trusted online platforms (10%) and the use of generative AI tools, such as no-code development platforms (also 10%).

The themes of phishing emails remain largely similar to those of previous years, but have gradually become more refined thanks to the use of generative artificial intelligence and other advanced tools.

By 2025, nearly one in five phishing emails (19%) were related to payment and invoice scams . Communications involving digital signatures and document reviews accounted for 18% of attacks, while those related to human resources accounted for 13% . Many messages leveraged trusted brands, imitating websites and logos with an ever-increasing level of accuracy.

“Phishing kits reached a new level in 2025, growing in both number and sophistication,” said Ashok Sakthivel, Director of Software Engineering at Barracuda. “This has made advanced and comprehensive attack platforms capable of supporting large-scale campaigns available to even the most inexperienced cybercriminals. These kits integrate techniques designed to make it increasingly difficult for users and security teams to detect and prevent fraud. To stay protected, organizations must move beyond static defenses and adopt multi-layered strategies, including user training, phishing-resistant MFA, continuous monitoring, and central email security as part of an integrated and comprehensive security strategy.”

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

Redazione

The Red Hot Cyber Editorial Team provides daily updates on bugs, data breaches, and global threats. Every piece of content is validated by our community of experts, including Pietro Melillo, Massimiliano Brolli, Sandro Sana, Olivia Terragni, and Stefano Gazzella. Through synergy with our industry-leading partners—such as Accenture, CrowdStrike, Trend Micro, and Fortinet—we transform technical complexity into collective awareness. We ensure information accuracy by analyzing primary sources and maintaining a rigorous technical peer-review process.