Phishing remains the most commonly used cyberattack technique worldwide. Despite growing user awareness and the implementation of modern security measures, this method continues to evolve in 2025, surprising with its effectiveness. Cybercriminals adapt their actions to new technologies, such as cloud services, artificial intelligence, and messaging apps, and their messages are increasingly difficult to distinguish from genuine correspondence. Therefore, it is crucial not only to use protective tools but also to develop the ability to recognize suspicious signals independently.

Common characteristics of phishing attacks

Phishing attacks rely on human manipulation - they exploit haste, emotions, and lack of verification. Typical elements that should raise suspicion include:

• Unusual sender or email address – Messages may impersonate a bank, online store, or courier company, but the address often contains typos or strange domain extensions.
• Urgent call to action – For example, "Your account will be blocked within 24 hours," or "Unpaid invoice – click here." The attack relies on fear and time pressure.
• Suspicious links and attachments – A link may lead to a page that looks almost identical to the original, but with an extra character or foreign domain. Attachments often contain hidden macros or malware.
• Language and formatting errors – Although cybercriminals increasingly use AI tools for translations in 2025, minor linguistic inconsistencies or unusual layouts still occur.
• Requests for confidential data – Banks, operators, or government agencies never ask for passwords, card numbers, or SMS codes via email.

Examples of phishing in 2025

Phishing using artificial intelligence

Cybercriminals have started using generative language models to create perfectly sounding messages. In 2025, a wave of emails impersonating well-known IT companies was detected, where AI customized the content according to the recipient’s industry and position, using publicly available information on LinkedIn.

Deepfake voice phishing (Vishing)

A new trend involves phone calls where attackers use voice synthesis. In one high-profile case in Europe, a finance department employee received a call from a “director” whose voice sounded authentic - it was actually a deepfake generated in real time.

Phishing in messaging apps and mobile applications

Attacks have moved from emails to messaging apps such as WhatsApp, Signal, and Slack. Cybercriminals send fake links to app updates or impersonate colleagues, requesting sensitive data as part of an “urgent task.”

Attacks on online payment systems

The popularity of instant payment methods (e.g., BLIK, Apple Pay, Google Pay) has led to fake SMS and push notifications encouraging users to “confirm a transaction.” In 2025, Poland saw an increase in such scams, particularly during the pre-holiday season.

How to protect yourself from phishing

• Always check the sender’s address and links before clicking.
• Do not provide passwords or codes in response to an email or SMS.
• Use multi-factor authentication (MFA).
• Keep systems and applications updated—many attacks exploit old security vulnerabilities.
• Report suspicious messages to the IT department or CERT—this helps protect the entire organization.

Summary

Phishing in 2025 is no longer a primitive scam with poor translations. It is sophisticated, often automated attacks using artificial intelligence, deepfakes, and new communication channels. The ultimate goal remains the same: to steal data, money, or access to systems. Therefore, the best defense is still user vigilance, supported by modern security tools and awareness that any suspicious message could be the start of an attack.