Phishing remains one of the most successful tools in a cybercriminal's arsenal for a simple reason: it still works. Despite years of awareness training, phishing drives credential theft, and stolen credentials in turn enable ransomware infections, Business Email Compromise (BEC), and significant data breaches. A 2025 study from TitanHQ and Osterman Research that interviewed over 250 IT professionals found that 64.3% of businesses expect phishing threats to rise. Phishing is still king, and it is getting smarter. So where does this leave businesses and MSPs?
How are AI and Advanced Tactics Evolving Phishing?
Generative AI has taken the world by storm, inserting itself into business processes and everyday life. Its capabilities have not been lost on cybercriminals, either. The Osterman report captured the views of businesses and MSPs on the impact of AI on cybersecurity: almost two-thirds (61.5%) believe that Generative AI will make cyberattacks more plausible. Cybercriminals are putting these technologies and evolved tactics to use in the following ways, both to make phishing attacks more convincing and to increase their volume:
Generate Believable Phishing Emails
Large language models (LLMs) behind GenAI interfaces such as ChatGPT are used to create highly believable phishing emails. Where typos and grammatical errors could once be used to spot a phishing email, LLMs remove these human errors and can also personalize the content for each target. A research paper co-authored by security guru Bruce Schneier compared the click-through rates of LLM-generated phishing emails with human-written ones. Human-written emails achieved a 19-28% click-through rate, whereas GPT-generated emails achieved 30-44%. The study also tested V-Triad, a set of rules for manually designing phishing emails that exploit specific cognitive heuristics and biases. Emails built with V-Triad achieved a 69-79% click-through rate, and emails built with GPT plus V-Triad achieved 43-81%. The practical lesson is that writing quality is no longer a reliable phishing indicator; detection has to look at what the email is asking the reader to do.
Deepfakes
AI is also used to generate deepfake video, audio, and images, which add plausibility to phishing lures. Deepfake-assisted attacks are often multi-stage. Osterman describes one example: "...multistage attacks using WhatsApp and a voice message using the cloned voice of the organization's CEO and requesting urgent help with a secret transaction." However convincing the voice, the lure itself follows a recognizable pattern: urgency, secrecy, and a move to a channel outside corporate email controls, which is exactly what staff should be trained to treat as a red flag. Osterman found that 59.1% of respondents expect the threat level of deepfake attacks to increase.
AI-Assisted Phishing to Increase Volumes
AI is also used to automate phishing campaigns: cybercriminals take AI-generated phishing emails and send them at scale. Underground services such as WormGPT and FraudGPT offer Phishing-as-a-Service, using AI to help produce phishing emails and the associated spoof websites and malware.
The Osterman research shows that businesses and MSPs recognize the increased risk of AI-assisted phishing: the report finds that the highest-priority area for cybersecurity spending is protection against AI-enhanced attacks.
The Rise of QR Code Phishing and What it Means
AI-assisted phishing is part of a broader push by cybercriminals to evolve tactics and evade detection. Another string to the phishing bow is QR code phishing, or "quishing."
Phishing relies on exploiting human behavior. QR codes are ubiquitous and trusted, and cybercriminals exploit that trust by using malicious QR codes to send victims to spoof websites. Quishing often bypasses the native protections in Microsoft 365 and other traditional email security solutions because the malicious URL is encoded in an image rather than written in the message text, so text-based link scanning and link rewriting never see it; the victim then scans the code with a personal phone, outside the corporate browser and web filtering controls. The Osterman study found that 20.9% of respondents at organizations had experienced a QR code attack, as had 21.6% of MSP customers. Over half of respondents (51.6%) expect QR code-enabled attacks to increase.
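The evasion described above comes down to mail structure: the lure text contains no link for a URL filter to inspect, while the image attachment carries the real destination. The following triage routine is an added example, not TitanHQ or PhishShield code. It parses MIME messages with Python's standard `email` library, records what a text-only URL filter would see, and flags messages that pair an image attachment with a "scan this code" call to action. The sample messages, the `example.test` addresses and the placeholder image bytes are constructed here for illustration; actual QR decoding needs an image library (zbar or OpenCV, for instance) and is represented by an injected `decoder` callback, with a stand-in decoder that merely reads a marker planted in the constructed bytes.

```python
"""Heuristic triage for QR-code phishing ("quishing") in MIME mail.

Added example; not TitanHQ or PhishShield code. Messages are constructed
below for illustration, and the QR decoder is injected as a callback because
decoding needs an image library that is out of scope here.
"""
import re
from email.message import EmailMessage, Message
from typing import Callable, Optional

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Lure wording that asks the reader to point a phone camera at the mail.
SCAN_CTA_RE = re.compile(r"\b(?:scan|qr\s*code)\b", re.I)


def _text_parts(msg: Message) -> str:
    """Concatenate the subject and every text/* part, as a URL filter would see them."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def _image_parts(msg: Message) -> list:
    """Raw bytes of every image/* part (decoded from base64 by the email library)."""
    return [p.get_payload(decode=True) for p in msg.walk()
            if p.get_content_maintype() == "image"]


def triage(msg: Message, decoder: Optional[Callable[[bytes], Optional[str]]] = None) -> dict:
    """Return the quishing indicators for one message.

    A text-only URL filter sees `text_urls` and nothing else; the link inside a
    QR code only becomes visible after `decoder` has run on the image bytes.
    """
    text = _text_parts(msg)
    text_urls = URL_RE.findall(text)
    images = _image_parts(msg)
    scan_cta = SCAN_CTA_RE.search(text) is not None
    decoded = []
    if decoder is not None:
        decoded = [u for u in (decoder(img) for img in images) if u]

    reasons = []
    if images and scan_cta:
        reasons.append("image attached and text asks the reader to scan a code")
        if not text_urls:
            reasons.append("no clickable link for a text-based URL filter to inspect")
    if decoded:
        reasons.append("URL decoded from image; run it through URL reputation checks")
    verdict = "quishing_suspect" if (images and scan_cta) or decoded else "no_qr_indicator"
    return {"verdict": verdict, "text_urls": text_urls, "image_count": len(images),
            "scan_cta": scan_cta, "decoded_urls": decoded, "reasons": reasons}


def build_sample(subject: str, body: str, image: Optional[bytes] = None) -> EmailMessage:
    """Constructed sample message (illustration only)."""
    msg = EmailMessage()
    msg["From"] = "IT Helpdesk <helpdesk@example.test>"
    msg["To"] = "user@example.test"
    msg["Subject"] = subject
    msg.set_content(body)
    if image is not None:
        msg.add_attachment(image, maintype="image", subtype="png", filename="code.png")
    return msg


# Placeholder image bytes: a PNG signature plus a marker the stand-in decoder reads.
# A real QR image would carry the URL in its modules, not as plain bytes.
FAKE_QR_PNG = b"\x89PNG\r\n\x1a\n" + b"QR:https://m365-verify.example.test/login"
FAKE_LOGO_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

QUISH = build_sample("Action required: MFA re-enrolment expires today",
                     "Your authenticator enrolment lapses at 17:00. Scan the QR code "
                     "in the attached image with your phone to keep access.", FAKE_QR_PNG)
LOGO_ONLY = build_sample("Quarterly report",
                         "The report is at https://intranet.example.test/q3 (logo attached).",
                         FAKE_LOGO_PNG)
LINK_ONLY = build_sample("Password reset",
                         "Reset here: https://reset.example.test/token/abc")


def stand_in_decoder(image: bytes) -> Optional[str]:
    """Stand-in for a real QR decoder: reads the marker planted in the constructed bytes."""
    idx = image.find(b"QR:")
    return image[idx + 3:].decode("ascii", "replace") if idx >= 0 else None


if __name__ == "__main__":
    for name, sample in (("QUISH", QUISH), ("LOGO_ONLY", LOGO_ONLY), ("LINK_ONLY", LINK_ONLY)):
        result = triage(sample)
        print(name, result["verdict"], result["reasons"])
    print("QUISH decoded:", triage(QUISH, decoder=stand_in_decoder)["decoded_urls"])
```

The point to notice is that `triage(QUISH)` reports an empty `text_urls` list: nothing in the message would reach a link scanner. The image-plus-call-to-action heuristic is a cheap first pass that will also catch some legitimate mail (event tickets, say), so in practice it should route messages to a decoder and URL reputation check rather than block on its own.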
Exploitation of Microsoft 365
Phishing attackers are also exploiting the popularity of Microsoft 365 by abusing M365 tenants themselves. Attackers have been observed creating their own tenants and admin accounts, then using them to generate messages that impersonate Microsoft notifications. They also trigger genuine billing events by making a purchase or taking out a subscription, and use the resulting notifications, which M365 sends on their behalf, to deliver phishing content. Because such mail originates from Microsoft's legitimate sending infrastructure, sender authentication and reputation checks are of little help; the phishing has to be caught on what the message says and asks for.
Train Users, Deploy Smart Tech, or Use Both?
How to protect against sophisticated and evasive phishing is the big question for any business or MSP on the front line of cybersecurity. The accepted wisdom is to use multiple layers of protection. On its own, however, this is no longer enough. The Osterman report provides a surprising insight into this approach: 98% of respondents use additional security on top of M365 native protection, and yet:
- 79% experienced at least one cybersecurity incident in the past year.
- Half of the organizations experienced between 2 and 4 types of incidents.
Osterman concluded that the answer is not that layered protection is wrong, but that the type of protection applied matters:
“This research makes it clear that smaller businesses (with fewer than 1,000 employees) and MSPs need to strengthen their email security protections, as AI-enabled attacks increase and the threat level of a whole set of email threats intensifies. Strengthening email security protections encompasses technical protections that leverage defensive AI capabilities and human risk management investments that create threat-aware, security competent end users who can identify cyberthreats anywhere, anytime, across any channel.”
The Future of Anti-Phishing is to be More Innovative
Osterman concludes that smart layers of protection must include AI-powered anti-phishing solutions working alongside integrated Human Risk Management (HRM) that educates users on the tricks of phishing.
PhishShield: The Innovative Layer Approach to Anti-Phishing
If cybercriminals use AI to make phishing more believable and to automate campaigns, then MSPs and businesses must respond with defensive AI. PhishShield is a next-generation email threat detection solution that applies Natural Language Processing (NLP) and machine learning to this problem. Rather than relying only on surface indicators, PhishShield identifies intent: it determines whether an email is trying to deceive or manipulate the recipient, which is the signal that remains even when an LLM has produced flawless text. This is what makes it a significant advance in detecting sophisticated, AI-assisted, and evasive phishing campaigns, and it gives a business more intelligent security by fighting AI with AI.
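To make the idea of intent detection concrete, here is an added, deliberately simplified rule-based scorer; it is not PhishShield's model or any TitanHQ code, which the page does not describe in detail. It scores the manipulation cues that survive even when every typo has been polished away: urgency, claimed authority, secrecy, a push to an out-of-band channel such as the WhatsApp example in the deepfake section above, and a requested financial or credential action. The cue lists, the verdict thresholds and the three sample texts (none of which contains a spelling or grammar error) are assumptions constructed for illustration; a production system would learn such features from labelled mail rather than hand-write them.

```python
"""Rule-based intent cues for social-engineering triage.

Added example, not PhishShield's model or any TitanHQ code. It scores the
manipulation cues that survive even when an LLM has polished away the typos:
urgency, claimed authority, secrecy, a push to an out-of-band channel, and a
requested financial or credential action. The sample texts are constructed.
"""
import re

# Pressure cues set the victim up; action cues are the actual ask.
PRESSURE_CUES = {
    "urgency": r"\b(?:urgent(?:ly)?|immediately|right away|within the hour|asap|expires?)\b",
    "authority": r"\b(?:ceo|cfo|director|board|it (?:support|helpdesk)|microsoft)\b",
    "secrecy": r"\b(?:confidential|(?:do not|don'?t) (?:tell|share|discuss)|between us|keep this quiet|secret)\b",
    "out_of_band": r"\b(?:whatsapp|signal|telegram|personal (?:number|phone|mobile)|text me)\b",
}
ACTION_CUES = {
    "financial_action": r"\b(?:wire|transfer|payment|invoice|gift cards?|bank details|iban)\b",
    "credential_action": r"\b(?:verify your|sign in|log ?in|password|reset|mfa|authenticator)\b",
}
_COMPILED = {name: re.compile(pat, re.I)
             for name, pat in {**PRESSURE_CUES, **ACTION_CUES}.items()}


def score_intent(text: str) -> dict:
    """Classify a message body by the manipulation pattern it exhibits.

    manipulative: an action is requested under at least two pressure cues
    review:       an action alone, or pressure cues without a clear ask
    benign:       neither
    """
    matched = {name: rx.findall(text) for name, rx in _COMPILED.items() if rx.search(text)}
    pressure = sum(1 for name in PRESSURE_CUES if name in matched)
    action = any(name in matched for name in ACTION_CUES)
    if action and pressure >= 2:
        verdict = "manipulative"
    elif action or pressure >= 2:
        verdict = "review"
    else:
        verdict = "benign"
    return {"verdict": verdict, "pressure": pressure, "action": action, "matched": matched}


# Constructed samples: grammatically clean, as LLM-written lures are.
CEO_WHATSAPP = ("Hi Sam, I'm in a board meeting and can't take calls. I need you to process "
                "an urgent wire transfer for an acquisition we are closing today. This is "
                "confidential, so please don't discuss it with anyone. Message me on WhatsApp "
                "for the bank details.")
IT_NOTICE = ("Your password expires in 14 days. Sign in to the portal at your convenience "
             "to rotate it.")
BENIGN = ("Hi Sam, attached are the notes from this morning's planning session. Let me know "
          "if I missed anything before Friday.")

if __name__ == "__main__":
    for name, text in (("CEO_WHATSAPP", CEO_WHATSAPP), ("IT_NOTICE", IT_NOTICE), ("BENIGN", BENIGN)):
        result = score_intent(text)
        print(f"{name}: {result['verdict']} (pressure={result['pressure']}, "
              f"action={result['action']}, cues={sorted(result['matched'])})")
```

The routine IT notice lands in "review" rather than "manipulative": it asks for a credential action but applies only one pressure cue, which is the kind of distinction a keyword blocklist cannot make and an intent model is meant to learn at far finer granularity.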
What Can MSPs Do Now to Stay Ahead of the Curve?
[Figure: The importance of AI to cybersecurity posture in 2025 (percentage of respondents)]
The Osterman research concludes that companies and MSPs must incorporate AI into their cybersecurity posture to handle advanced threats. The survey evidence backs this conclusion: 79% of respondents rate email security solutions that include defensive AI capabilities as "very important" or "extremely important" to their cybersecurity posture in 2025.
MSPs must be ready to tackle the onslaught of AI-assisted phishing campaigns expected over the next 12 months. Defensive AI offers the most significant potential boost to email security. The TitanHQ cybersecurity platform is designed with MSPs in mind, giving you the next generation of email security so that your customers have the best possible protection and you have the best possible solution.
Curious how TitanHQ can stop threats like phishing, BEC, AI-generated attacks, and deepfakes? Get a free demo and see it in action.
