Rapid technological innovation is greatly influencing the maturity of today’s threat landscape and the ways in which threat actors are choosing to target their victims. WMC Global expects global phishing attacks in 2025 to be heavily influenced by AI and emerging technology, which will allow scammers to scale their campaigns efficiently. The rise of Rich Communications Services (RCS) messaging is also expected to present new smishing challenges as it bypasses traditional carrier firewalls. Additionally, the spotlight on Telegram is driving threat actors to seek new ways of communicating and driving up security around the platforms on which they congregate. WMC Global’s 2025 threat predictions are detailed below.
1. AI-Powered Phishing Attacks
- Hyper-Personalization: AI will increasingly enable the creation of highly targeted phishing messaging by analyzing potential victims' social media profiles, public data, or breached databases, then posing as a party known to the victim, mimicking the impersonated sender's writing style and incorporating personal details to make the content more believable. This allows for specific targeting of any user in a fraction of a second, and threat actors are expected to leverage AI to rapidly perform this at scale.
- Real-time Adaptation: Threat actors will scale phishing attacks to dynamically adjust lure content and delivery schedule based on user interactions, increasing the attacks’ effectiveness and impact dynamically during the phishing campaign. Threat actors can get extremely granular about how they are running their campaigns, using advanced data analytics from AI to improve campaigns’ efficacy. AI chatbots can produce intelligence capable of replacing a number of skilled individuals that can adapt on the fly.
- Increased Sophistication: Threat actors will progressively use generative AI to craft convincing phishing content, mimicking legitimate language, tone, and formatting with minimal errors. This will eliminate many barriers for foreign threat actors and increase the number of “good” kit creators overall.
- Realistic Video and Audio Deepfakes: Deepfake technology will continually be used to create highly convincing videos and audio recordings of individuals, enabling attackers to impersonate them in all types of phishing attacks. Currently these attacks are focused on deepfaking high-profile individuals and celebrities, but this year, WMC Global expects to see threat actors begin to mimic family members and personal contacts of their intended victims. Attackers will clone voices of trusted individuals close to the intended targets, making it difficult for the victims to identify fraudulent calls. It is possible that initial conversations could be entirely AI-run, which would allow for rapid scaling. WMC Global expects the barrier to entry to lower, steering phishing attempts to target end users as much as businesses’ employees.
- Attack Localization: Phishing campaigns will draw from AI’s vast knowledge base to increasingly adapt campaigns to include regional languages, cultural norms, and local events (e.g., tax seasons, elections).
2. IoT and Smart Device Phishing
- Credential Harvesting Through IoT Devices: Attackers will exploit vulnerabilities in Internet of Things (IoT) devices to steal user credentials and gain access to connected networks. WMC Global expects to see an increase in password reuse across devices as the sheer volume of devices connecting to the internet continues to increase. Additionally, users will not associate these devices, like household appliances, with having any risk to their digital lives.
- Phishing Attacks Targeting Smart Home Devices: Phishing attacks will increasingly target smart home devices to compromise user accounts and control devices remotely. The devices could be home assistants like Alexa or anything that connects to the internet. Threat actors could use several AI tools to research targets and ask them to reset their account passwords. This attack technique can be further weaponized beyond just phishing, by using AI to find and exploit this access, allowing more threat actors to follow in their path. A threat actor could take the credentials and try them against higher value accounts like email, bank logins, and corporate or government sites. The IoT device could be used to mine crypto using the owner’s electricity with the threat actor receiving all the gains. Additionally, the threat actor could add the IoT device to a botnet (currently quite common) and use the botnet for malicious actions like DDoS attacks, sending mass campaign messages, running crypto miners at scale, or hiring out access to the botnet to the highest bidder.
3. Phishing Kits and Dark Web Markets
- Increased Availability of Sophisticated Phishing Kits: Phishing kits continue to become more sophisticated and easier to use, enabling a wider range of attackers to launch large-scale phishing campaigns. WMC Global is seeing an increase in new kits entering the market with multi-factor authentication (MFA) bypassing becoming the standard. Threat actors will accomplish this through cookie-stealers and MITM (“man-in-the-middle”) type kits. Additionally, threat actors will employ unique and different ways of creating the impression that a user is on a legitimate site. Threat actors will use AI to generate new ways to create legitimate-looking experiences using tricks like fake pop-ups and browsers within browsers.
- Emerging Dark Web Markets for Phishing Services: Currently there are dark web markets specializing in specific threats and sectors such as botnets and malware; however, there is no dedicated dark web site specializing in selling high-quality trusted phishing kits. WMC Global predicts a new dark web marketplace will emerge specializing in the sale and distribution, and potentially hosting, of high-quality MITM or MFA bypass kits. This market could also sell the credentials on behalf of the collecting threat actor or allow a controlling threat actor free access to sell the data elsewhere. Such a market could centralize the selling of phishing kits, which currently takes place in various places online. That fragmented setup makes it hard for threat actors to advertise their kits to a large audience at scale.
4. Regional Targeting
- Geopolitical Exploitation: Threat actors will further exploit geopolitical tensions and regional crises to target credentials. With global events like elections, economic sanctions, and regional conflicts dominating the news, phishing campaigns will be increasingly tailored to these narratives. For example, campaigns may impersonate government agencies offering financial relief or international organizations seeking aid contributions. These phishing emails will include links to fraudulent portals designed to harvest credentials under the guise of eligibility verification or registration. Countries with strained relations or fragile political landscapes will see a surge in such activity, as public trust in official communications becomes a vector for exploitation.
- Regional Phishing-as-a-Service (PaaS) Networks: The evolution of phishing-as-a-service (PaaS) will drive localized credential phishing in 2025. Threat actors will provide features like automated credential validation, enabling attackers to verify stolen logins in real time, making their campaigns more effective and scalable.
- Increased Focus on Underserved Sectors: Threat actors will scale their targeting of critical sectors in underserved regions, such as healthcare, education, and agriculture, which often lack robust cybersecurity measures. Attackers will exploit the reliance on outdated systems and the rise of digital services in these sectors. For example, phishing campaigns may impersonate education ministries requesting access to digital learning portals or healthcare providers requiring logins for medical records.
5. Expansion of Digital Footprint
- Smishing leveraging Rich Communications Services (RCS): WMC Global expects to see a slow but steady increase in peer-to-peer (P2P) Rich Communications Services (RCS) phishing. This type of messaging differs from other messaging, partially because RCS has broader messaging capabilities than traditional SMS. Unlike SMS, RCS messages can include MMS features such as images and videos, and RCS goes a step further by enabling significantly more dynamic content. RCS messaging bypasses carrier firewalls, meaning the carriers have limited visibility into RCS traffic.
- Web3 Threats: Credential theft targeting crypto wallets, decentralized finance (DeFi) platforms, and blockchain users is growing rapidly, especially through fake wallet apps or phishing sites mimicking popular platforms. Threat actors will likely target people using “get rich quick” schemes as lures.
Combating the many forms of phishing as technology swiftly advances will be an ongoing effort that relies on all affected parties to contribute to the solution. Approaching this challenge proactively by placing threat hunting at the forefront of cybersecurity programs is crucial. Organizations and their security teams will also benefit from choosing vendors that provide requested insight into new attack trends and additional cyberthreat intelligence (CTI) team support for trend analysis. Carriers and enterprise messaging platforms should also continue to update gateways and filtering rules with relevant information to proactively stop smishing campaigns from reaching consumers and should perform regular threat actor activity checks on their networks or passthroughs. Google and Apple should create messaging APIs that allow third-party messaging firewalls and security organizations access to message content. Finally, companies need to encourage their customers and employees to report suspicious activity both to their respective carriers and to any additional institutions in question. No matter where technology takes us, if all members of the phishing attack chain are committed to proactively preparing for the inevitable, the entire ecosystem will have a better chance at squashing incidents as they arise.
-------------------------------
About WMC Global
WMC Global is a cybersecurity market leader in digital threat intelligence with specific expertise in mobile, having partnered with Tier 1 mobile carriers for the past two decades and launched the United States’ first mobile market compliance program.
The WMC Global portfolio is at the forefront of fighting malicious text messages, eradicating phishing and smishing attacks, and stopping cyber criminals from targeting large brands, financial institutions, and governments. WMC Global helps security teams scale in response to mobile threats by providing its partners with proprietary data feeds of phishing attacks (including intelligence from active phishing kits), mobile investigation and disruption services, threat response and takedown services, automated partner due diligence, and customer experience monitoring.