From July 2024 to June 2025, Kaspersky experts detected over 650,000 attempts to visit phishing pages disguised as LinkedIn alone

38% of organisations suffered a phishing attack that led to unauthorised access.

Internal-themed topics accounted for 98.4% of the top 10 most-clicked email templates in the phishing simulations.

80.6% of the top 20 clicked links originated from internally-themed simulations.

71.9% of interactions with malicious landing pages involved branded content.

Subscription prices for generative AI tools like FraudGPT and WormGPT, marketed for illicit uses such as phishing and malware creation, start for as little as $200 per month.

Internal-themed topics accounted for 98.4% of the top 10 most-clicked email templates in the phishing simulations.

Among internally-themed links, 68.2% utilised domain spoofing techniques.

PDF attachment clicks in phishing simulations increased by 8.1% compared to Q1 2025.

71.9% of interactions with malicious landing pages involved branded content.

HR-related themes were cited in 42.5% of phishing failures.

80.6% of the top 20 clicked links originated from internally-themed simulations.

PDFs comprised the majority, 61.1%, of the top 20 attachments clicked in phishing simulations.

IT-related themes were cited in 21.5% of phishing failures.

PDF attachment clicks in phishing simulations increased by 8.1% compared to Q1 2025.

Microsoft and Docusign were among the most frequently impersonated brands in phishing emails with PDF attachments.

A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, employing Telephone-Oriented Attack Delivery (TOAD) or callback phishing.

NortonLifeLock, PayPal, and Geek Squad were among the most impersonated brands in TOAD emails with PDF attachments

Most phone numbers found in email threats leveraging the TOAD social engineering technique are Voice over Internet Protocol (VoIP) numbers.

Phone numbers are sometimes reused on consecutive days in TOAD attacks.