KnowBe4's 2025 Phishing Threat Trends Report Volume Six reveals traditional defenses bypassed, increase in vishing usage and retail brands breached

TAMPA BAY, Fla., Oct. 29, 2025 /PRNewswire/ -- KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human and AI agent risk management, today announced new research from its 2025 Phishing Threat Trends Report Vol. Six, which finds fundamental shifts in cybersecurity attacker tactics, prompting a significant increase in phishing attack volume from compromised accounts.

"As cybercriminals bypass technical defenses using techniques such as hijacking legitimate platforms and manipulate victims through a variety of sophisticated social engineering methods, organizations need to prioritize workforce trust management," said Jack Chapman, SVP threat intelligence, KnowBe4. "The findings from this report revealed that attackers demonstrated clear seasonal targeting throughout 2025, exploiting HR topics in January, Valentine's promotions in February, tax deadlines in April, and major events like the U.S. Open. As more attacks find their way through traditional email security defenses, it is critical that organizations evolve their tech stack to implement AI-driven detection that works within a holistic human risk management (HRM) ecosystem."

Key findings from the report include:

Scattered Spider Destruction: The cybercriminal gang Scattered Spider breached multiple high-profile retailers in 2025, including M&S, Co-Op, Harrods and others, which caused hundreds of millions in damages and losses. These breaches spawned secondary phishing campaigns targeting customers, with attackers impersonating the compromised brands to harvest credentials. Scattered Spider's signature tactics, which combine sophisticated social engineering, vishing, MFA bombing and credential harvesting, target both the technical and human layers as part of their attack methodology.

Voice Phishing Surge: Phone-based vishing attacks increased 449% compared to 2024, with phone numbers appearing as the sole payload in 5.5% of phishing emails. Researchers discovered that 77% of callback numbers used AI-generated voices, while 69% of vishing attacks were financially motivated, requesting bank detail changes, fraudulent refunds or transfers.

Legitimate Platform Hijacking: Perhaps most concerning, cybercriminals increased their abuse of legitimate platforms like QuickBooks, Zoom, SharePoint, and PayPal by 67% year-to-date. These attacks pass DMARC authentication 100% of the time and often bypass traditional defenses because they originate from trusted domains.

Download the KnowBe4 2025 Phishing Threat Trends Report.

About KnowBe4

KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset. More info at knowbe4.com.

Follow KnowBe4 on LinkedIn and X.

Media Contact

Amanda Tarantino

Head of Public Relations, Americas

KnowBe4

SOURCE KnowBe4 Inc.