Mimecast Report: AI Phishing and ClickFix Attacks Explode

Mimecast’s latest report reveals a 500% rise in AI phishing and ClickFix schemes as cybercriminals exploit trusted services to bypass email security. 2025 has been a terrific year for cyber criminals as AI-augmented phishing surged 500%, a new report reveals. According to the latest threat intelligence report by Mimecast, the company caught over 9.3 billion cyber threats in the first nine months of 2025.

With AI, phishing campaigns and ClickFix schemes have become more sophisticated, leveraging trusted services to evade detection. Mimecast 2025 threat intelligence report shows that attackers are Living Off Trusted Services (LOTS). The report reveals that phishing now accounts for 77% of all attacks, which is up from 60% in 2024.

“We’re seeing a clear evolution in attacker behaviour in 2025, headlined by an exponential rise in AI-driven threats,” said Ranjan Singh, Mimecast Chief Product & Technology Officer. “Financial platforms, regulatory agencies, and city governments have all been targeted by profit-driven ransomware groups and highly organised, state-adversaries.”

AI as a partner in cybercrime has allowed threat actors to craft flawless, compelling phishing emails that impersonate vendors, partners, and employees. Mimecast has noted a significant increase in the sophistication of social engineering attacks, especially with ClickFix schemes, where attackers use fake error messages to lure users into executing malicious commands.

Mimecast has detected over 900,000 unique CAPTCHA-protected URLs each month in the US and UK, linked to the notorious cybercrime group Scattered Spider. “Email security has become so effective at catching malware, that attackers have completely changed tactics,” says Ranjan Singh.

The report shows that professional education, IT software, telecommunications, real estate, and legal organisations experience a much higher volume of impersonation attacks, with real estate suffering particularly higher phishing attempts.