A Threat That Continues to Grow
Phishing has evolved far beyond fraudulent emails. Today, it is one of the primary enablers of cybercrime worldwide, fueling credential theft, account takeover, financial fraud, ransomware deployment, and business email compromise.
According to the Anti-Phishing Working Group (APWG), more than one million phishing attacks were observed during the first quarter of 2025 alone, making it one of the most active phishing periods ever recorded. Across 2025, nearly 3.8 million phishing attacks were documented globally.
Several factors are driving this growth:
- Generative AI adoption.
- Increased attack automation.
- The rise of phishing kits.
- Expansion of digital services and online identities.
Phishing remains one of the most effective ways for attackers to bypass traditional security controls and initiate larger cyberattacks. In 2025, phishing-related activity contributed to more than 73% of analyzed fraud incidents worldwide.
The Rise of Phishing-as-a-Service
One of the most significant developments in recent years is the emergence of Phishing-as-a-Service (PhaaS).
Cybercriminal groups now operate commercialized platforms that allow even inexperienced attackers to launch sophisticated phishing campaigns with minimal technical knowledge.
These services typically include:
- Ready-made phishing websites.
- Victim management dashboards.
- Credential collection systems.
- Hosting services.
- Evasion technologies.
- Technical support.
Industry reports indicate that the number of known phishing kits doubled during 2025, while more than 90% of large-scale phishing campaigns now rely on kit-based infrastructure.
Modern kits such as GhostFrame, Whisper 2FA, and Sneaky 2FA integrate advanced capabilities including MFA bypass, anti-analysis mechanisms, CAPTCHA-based filtering, URL obfuscation, and dynamic brand impersonation.
AI Is Making Phishing More Dangerous
Generative AI has dramatically lowered the barrier to creating convincing phishing content.
Attackers can now generate:
- Flawless emails.
- Multilingual content.
- Personalized messages.
- Localized social engineering scenarios.
Microsoft has highlighted the increasing use of AI-generated phishing campaigns tailored to local languages and cultural contexts, particularly across Africa.
As a result, traditional indicators such as poor grammar or suspicious wording are becoming increasingly ineffective.
New Attack Channels
Phishing is no longer limited to email.
Attackers increasingly leverage:
- SMS messages (smishing).
- Voice calls (vishing).
- Social media.
- Messaging applications.
- QR codes.
QR code phishing, also known as "quishing", has become one of the fastest-growing attack techniques.
Microsoft reported a 146% increase in QR-code phishing attacks during Q1 2026.
These attacks bypass traditional email security controls by shifting the interaction to users' mobile devices.
North Africa: A Growing Target
North Africa is experiencing rapid digital transformation through:
- Mobile banking.
- Digital payments.
- E-commerce growth.
- Digital government services.
While these developments create opportunities for economic growth, they also expand the attack surface available to cybercriminals.
In Morocco, the 2025 Cybersecurity Barometer identified phishing awareness and human-related vulnerabilities among the leading cybersecurity concerns for organizations. More than half of surveyed companies highlighted phishing as a major challenge.
At the regional level, INTERPOL and international law enforcement agencies continue to report increasing cybercrime activity involving phishing, account takeover, online fraud, and digital identity abuse throughout the MENA region.
Why Awareness Alone Is No Longer Enough
Security awareness remains essential.
However, recent research suggests that awareness training alone is insufficient against modern phishing campaigns, particularly those leveraging AI and sophisticated social engineering techniques.
Organizations increasingly require:
- Continuous monitoring.
- Early campaign detection.
- Brand abuse monitoring.
- Infrastructure intelligence.
- Threat visibility.
Introducing PRISALYA Phishing Monitor (PPM)
To address these challenges, PRISALYA developed PPM – PRISALYA Phishing Monitor.
PPM is a proactive monitoring platform designed to identify phishing campaigns, brand impersonation attempts, and malicious infrastructure targeting organizations, customers, employees, and partners.
The platform continuously monitors indicators such as:
- Suspicious domains.
- Fraudulent certificates.
- Malicious infrastructure.
- Brand impersonation websites.
- Technical phishing indicators.
The objective is straightforward:
Detect threats before they reach victims and reduce the time between campaign emergence and defensive action.
As phishing becomes increasingly industrialized and AI-enabled, continuous visibility over an organization's digital exposure is becoming a critical cybersecurity capability.
Conclusion
Phishing has evolved into a mature criminal industry powered by automation, phishing kits, artificial intelligence, and specialized service providers.
Organizations are no longer asking whether they will be targeted, but when.
Combining user awareness, proactive monitoring, and continuous threat detection is now essential to reducing phishing risk.
That is precisely the mission of PRISALYA Phishing Monitor: helping organizations identify threats before they become incidents.