Date: 2025-08-18

Social engineering meets sophisticated URLs in today's most dangerous phishing threats

Dubai, United Arab Emirates - Proofpoint, a leading cybersecurity and compliance company, today released the second volume of its Human Factor 2025 Report series, which reveals a sharp escalation in phishing and URL-based threats. Drawing on data from Proofpoint’s threat intelligence platform, the report outlines how cybercriminals are using advanced social engineering and AI-generated content to make malicious URLs increasingly difficult for users to identify.

Whether through email, text messages, or collaboration apps, URL-based threats now dominate the cyber threat landscape. Attackers are not just impersonating trusted brands - they are abusing legitimate services, tricking users with fake error prompts, and bypassing traditional security by embedding threats in QR codes and SMS messages.

Key findings from the report include:

Malicious URLs are now the preferred delivery mechanism - used four times more than attachments in email threats: Cybercriminals increasingly favor URLs over attachments, as they are easier to disguise and more likely to evade detection. These links are embedded in messages, buttons, and even inside attachments like PDFs or Word documents to entice clicks that initiate credential phishing or malware downloads.

ClickFix malware campaigns increased nearly 400% year-over-year: ClickFix is a phishing technique that lures users into running malicious code by displaying fake error messages or CAPTCHA screens. By exploiting the urge to resolve a perceived technical issue, this method has quickly become a go-to tactic for malware operators, helping them spread remote access trojans (RATs), infostealers, and loaders.

Proofpoint identified over 4.2 million QR code phishing threats in the first half of 2025 alone: QR code-based attacks remove users from enterprise protections by leveraging personal mobile devices. Once scanned, these codes redirect users to phishing sites designed to harvest sensitive information such as credentials, credit card data, or personal identifiers, all under the guise of legitimacy.

Credential phishing remains the most prevalent goal for attackers, with 3.7 billion URL-based attacks aimed at stealing logins: Attackers are overwhelmingly focused on stealing login credentials rather than distributing malware. With phishing lures that impersonate trusted brands and use off-the-shelf tools such as CoGUI and Darcula phish kits, even low-skilled actors can deploy highly convincing campaigns that bypass multifactor authentication and lead to full account takeover.

Smishing campaigns jumped 2,534% as attackers shift focus to mobile devices: At least 55% of suspected SMS-based phishing messages (smishing) analyzed by Proofpoint contained malicious URLs. These often mimic government communications or delivery services and are highly effective due to the immediacy and trust users place in mobile text messages, reflecting a shift toward mobile-first targeting by threat actors.

“The most damaging cyber threats today don’t target machines or systems. They target people. In addition, URL-based phishing threats are no longer confined to the inbox, they can be carried out anywhere and are often extremely difficult for people to identify,” said Selena Larson, senior threat intelligence analyst at Proofpoint. “From QR codes in emails and fake CAPTCHA pages to mobile-first smishing scams, attackers are weaponizing trusted platforms and familiar experiences to exploit human psychology. Defending against these threats requires multilayered, AI-powered detection and a human-centric security strategy.”

To download The Human Factor 2025: Volume 2 – Phishing and URL-Based Threats, visit https://www.proofpoint.com/us/resources/threat-reports/human-factor-url-phishing

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

Connect with Proofpoint on LinkedIn. Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

MEDIA CONTACT:

Samreen Iqbal

Samreen.iqbal@bpggroup.com