2026 Spam and Phishing Report Reveals AI Surge and QR Code Quishing Boom

Home » News
Yash Shield
News
Reading time icon 2 min. read

Calendar icon Published on

The 2025 Spam and Phishing Report shows a massive rise in AI-driven phishing attacks. Click-through rates hit 54% for AI-crafted emails, four times higher than human ones. QR code quishing also exploded as attackers hide malware in scam links.

Phishing caused $17,700 in losses every minute last year. AI tools boosted success by 400% in some cases. Attackers used large language models for natural text that beats spam filters. Traditional defenses struggle against these smart fakes.

Voice phishing grew too, with deepfakes up 15%. HTTPS phishing sites jumped 47%, now at 80% of cases. Google blocks 15 billion bad emails daily, but threats keep scaling. New phishing sites launch every 20 seconds worldwide.

Keepnet Labs reports: “AI is dramatically increasing success rates, with click rates up to 4x higher than traditional methods. A 2025 report noted a 400% rise in successful phishing scams due to AI tools.”

Hunto AI states: “AI-generated phishing emails have a 54% click-through rate, compared to just 12% for human-written phishing messages.”

Key 2025 Statistics

TrendStatImpact
AI Phishing CTR54% vs 12% human4x success rate
Phishing Growth4,151% since ChatGPTBillions blocked daily
Quishing RiseNew QR scams every dayBypasses mobile filters
Vishing/Deepfakes30% orgs hit, +15%Exec impersonation
HTTPS Phishing80% of sitesLooks legitimate ​

Attack Tactics

  • AI crafts perfect grammar and context.
  • Spear-phishing matches human experts at 56% CTR.
  • QR codes lead to fake login pages.
  • Polymorphic emails change to dodge rules.

Training cuts clicks to 1.5%. Reporting jumps 28% with drills. New hires face 44% higher risk in first 90 days.

The complete execution flow of the RenEngine malware (Source – Securelist)

Protection Steps

  • Use AI email filters with human review.
  • Train staff on QR code checks.
  • Block suspicious domains fast.
  • Watch for brand spoofs like Microsoft (51.7%).
Defense LayerActionTools
Email GatewayAI + behavioral rulesProofpoint
User TrainingSims, reportingKnowBe4
MFA EverywhereAdaptive checksOkta
Mobile ScansQR validatorsYubico ​

FAQ

What drove phishing surge in 2025?

AI tools spiked emails 4,000%+ with 54% click rates.

How bad is quishing now?

QR codes hide links that beat mobile security checks.

Do defenses work against AI phishing?

Training drops clicks to 1.5%; AI filters block 99.9% spam.

Which sector hits hardest?

All, but 35% ransomware starts with phishing emails.

Future outlook for 2026?

Expect more deepfakes, polymorphic attacks, multi-channel hits.

Yash

Yash Shield

I am a Business Analytics student with a strong interest in publishing well-researched and data-driven news articles. I focus on analyzing trends in business, finance, and technology to create clear, accurate, and engaging content for readers. I enjoy transforming complex data and information into simple, meaningful stories that help audiences understand current developments. With analytical thinking and attention to detail, I aim to deliver credible and insightful news that adds real value to readers.

Readers help support VPNCentral. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more

User forum

0 messages