Surge in ClickFix Attacks and AI-Powered BEC Scams Highlight New Cyber Threats

Published 2025-10-24 00:56:31 | www.zdnet.com

Credibility: 65% | Risk Score: 56% | Likelihood: 8/10 | Impact: 7/10 | Priority: 4/5

Cybercriminals are increasingly leveraging ClickFix social engineering tactics and AI in Business Email Compromise (BEC) scams, with ClickFix attacks surging 500% in early 2025. Mimecast's latest report describes a shift in tactics toward the human element, which makes phishing and scams harder to detect.

ClickFix is a method of bypassing traditional anti-phishing techniques: it lures victims into providing initial access to a network or system themselves, so no malware is needed for that step. Victims are shown fake error messages and dubious offers that direct them to execute commands, and those commands trigger the download of malicious payloads.

Additionally, AI is being used to create convincing email threads that impersonate multiple individuals, enhancing the success rate of BEC scams. Industries such as education, IT, telecommunications, legal, and real estate are particularly at risk.