AI-Driven Scams Redefining Cybercrime

Q1/2025 Gen Threat Report Reveals AI-Driven Scams Redefining Cybercrime

Gen has released its Q1/2025 Gen Threat Report, highlighting the most significant shifts shaping the global Cyber Safety landscape observed between January and March 2025.

Key report findings include a 186 percent surge in breached personal information, a 466 percent increase in phishing reports, growth in fake browser update scams by 17 times the previous quarter’s levels, and more than four million people protected from Scam-Yourself Attacks, alongside the rise of mobile financial fraud and crypto-related US presidential inauguration scams.

“Online threats are evolving at a startling pace. Attackers are moving away from broad, indiscriminate campaigns to highly personalised, AI-enhanced deception,” said Siggi Stefnisson, Cyber Safety CTO at Gen.

“Breached data and AI tools are giving cybercriminals just enough personal information and design sophistication to more easily manipulate people. That’s why we constantly evolve our cybersecurity solutions to be an interactive partner in fighting scams and to be one step ahead of cybercriminals.”

Data Breaches Escalate

Data breaches are on the rise, with a 36 percent increase in the number of breaches faced by companies compared to last quarter. Individuals’ breached records surged by more than 186 percent, revealing sensitive information such as passwords, emails, and credit card details. Attackers employed more advanced infostealers, such as Lumma Stealer, making data compromise faster and harder to detect.

Phishing Scams Designed to Bypass Security Filters

Reports of phishing scams increased by a staggering 466 per cent compared to the previous quarter, now accounting for nearly 32 per cent of all scam submissions to the Norton Genie scam detector.

According to the Norton Genie scam detector platform, phishing is the fastest-growing threat, second only to generic scams, which accounted for 51 percent of reports. The good news is that people are becoming more wary of potential phishing scams and reporting these messages.

Telemetry data reveals a growing number of phishing campaigns that abuse dynamic DNS services and subdomain providers, as well as free website builders, to create deceptive login pages. By mimicking legitimate login portals and leveraging trusted domains, as in recent scams targeting AT&T, Telstra, and Xfinity customers, attackers make phishing attempts harder to detect and more likely to succeed.

Many of these campaigns create a sense of urgency for potential victims through emails claiming account issues or prompting people to review sensitive documents. Although the messages are sometimes poorly written, the use of familiar platforms and subdomain tricks allows these scams to bypass security filters and remain highly effective.

Scam-Yourself Attacks and Fake Browser Updates on the Rise

Gen helped protect over four million users from Scam-Yourself Attacks, in which individuals, through sophisticated deception, are manipulated into infecting their own devices. In one of the most striking evolutions of this type of scam that we observed this quarter, attackers are using AI-generated personas, deepfake influencers and hired actors.

They use these personas to deliver their malicious campaigns, primarily through compromised YouTube accounts. These accounts leverage interactive FakeCAPTCHAs that prompt users to verify they are human, but instead guide them to grant device permissions or download malware.

Fake Update Scams grew to over 17 times last quarter’s level. This type of Scam-Yourself Attack tricks people into installing malware under the guise of browser updates.

Financial Threats Thrive on Mobile and Crypto

Mobile financial threats continued to rise, fuelled by increasingly sophisticated tactics that target people directly through their smartphones. Malware, such as banking trojans, now exploits accessibility features to overlay fake login pages, stealing sensitive data, including crypto wallet credentials.

Combined with an uptick in credit and transaction fraud alerts, there’s a growing trend of attackers focusing on mobile devices as gateways to people’s financial lives.

Digital currencies remain a target for financial threats. CryptoCore executed one of its most successful campaigns in early 2025, hinging on the US presidential inauguration. Attackers leveraged deepfake videos of public figures spread through compromised YouTube accounts to steal nearly NZD four million, spread across more than 2,000 transactions.

Gen is continually innovating to stay one step ahead of today’s evolving cyber threats. Its trusted family of brands offers robust solutions to help keep you safe.