AI-driven phishing & quishing attacks surge in Netcraft report
Netcraft has published research highlighting the rise of advanced phishing, quishing, and impersonation attacks powered by artificial intelligence, revealing a variety of cyber threat trends for 2025.
The company's latest findings detail a significant increase in impersonation attacks targeting both consumers and brands, facilitated by AI tools and new forms of cybercrime-as-a-service models.
AI involvement in phishing
According to the research, large language models (LLMs) are inadvertently assisting cyber criminals by generating and recommending phishing sites in response to natural language queries. Netcraft found that 34% of 131 hostnames suggested by AI models for 50 major brands were not under brand control, raising the risk that users might unknowingly trust fraudulent websites identified as legitimate by conversational AI systems.
The implications of these AI-generated errors are significant, since users who believe they are receiving verified site recommendations may be more likely to visit and interact with malicious sites.
Manipulation of search engines
Netcraft also discovered that threat actors are using search engine optimisation (SEO) tactics to "poison" search results. By creating convincing lookalike sites and exploiting compromised websites, cyber criminals are manipulating search algorithms to promote malicious links while evading traditional brand protection solutions.
Researchers highlighted Hacklink, a platform selling access to thousands of compromised sites for injecting malicious code. This approach allows cybercriminals to improve the ranking of fake sites in search results, making it more difficult for potential victims to distinguish between genuine and fraudulent online destinations.
Growth of quishing
Another area of concern is the increase in "quishing" attacks, which utilise QR codes to route victims to phishing sites. Netcraft's findings attribute the rise in part to the ease with which users are fooled by QR codes, making it easier for attackers to obtain sensitive data or personal information.
The report notes that companies utilising QR codes, or whose customers regularly interact online, may face elevated risks of brand spoofing if attackers exploit this vector.
Rise in toll text and DMV scams
Netcraft recorded a surge in toll text and Department of Motor Vehicles (DMV) scams, particularly in the United States. Over a two-week period, URLs targeting users in certain states increased by more than 200%. These scams employ "smishing" - fraudulent SMS messages - encouraging recipients to click on a link claiming an issue with toll payments or DMV balances.
Netcraft attributed the proliferation of these scams to their affordability and the relative simplicity of targeting large numbers of people via text messages.
Impersonation-as-a-service platforms
The report further identifies the emergence of impersonation-as-a-service tools that accelerate brand spoofing. These services allow attackers to rapidly clone company websites - sometimes within minutes - and collect user credentials through fake login portals.
Need for defensive measures
"Attackers never stop innovating, as our latest research illustrates, so defenders can't stop, either. To properly defend against the attacks outlined here, security teams need current threat intelligence and automation capabilities that extend beyond the corporate perimeter. Netcraft's detection and threat analysis is a force multiplier, combining rules-based processing and pattern recognition with AI to achieve optimal outcome."
This comment from Ryan Woodley, Chief Executive Officer of Netcraft, underlines the need for organisations to invest in advanced detection, automation, and intelligence-driven security measures to keep pace with the evolving tactics used by cyber criminals.
The research demonstrates the diverse and expanding ways that AI and automation are influencing cybercrime, while also highlighting new challenges for consumer safety and brand integrity in an increasingly digital landscape.
