AI Phishing Attacks Surge with Malicious SVGs Post-Holiday
Basically, hackers are using AI to create smarter phishing emails that trick people more easily.
AI phishing attacks have surged post-holidays, with a 50-fold increase in malicious SVGs. Many users are affected as attackers impersonate trusted entities. This evolving threat highlights the need for enhanced email security measures.
The Threat
In recent months, a significant rise in AI-generated phishing attacks has been observed, particularly following the holiday season. A report from Hoxhunt revealed that AI content in phishing emails surged from less than 5% to a staggering 56% during December 2025. This trend persisted into January 2026, with 40% of phishing attempts showing signs of AI generation. Attackers are leveraging AI to craft more convincing emails, making it increasingly difficult for recipients to recognize scams.
The report highlighted that the most common phishing themes included fraudulent offers for free products, impersonation of financial service providers, and fake invoices. Notably, 43.1% of these attacks utilized malicious links, while 11% incorporated malicious attachments. The use of AI allows scammers to personalize their messages, often including details from social media profiles to enhance credibility.
Who's Behind It
The rise of AI phishing can be attributed to the increasing sophistication of cybercriminals who are adapting their tactics to exploit new technologies. These attackers are not just relying on traditional phishing methods; they are now employing malicious scalable vector graphics (SVG) attachments, which have seen a 50-fold increase in usage. SVGs have become the third most common type of malicious attachment, surpassing traditional formats like .docx and .eml. This shift indicates a strategic evolution in how phishing attacks are executed.
Despite the surge in AI-assisted phishing, researchers noted that more advanced techniques, such as voice or video deepfakes, have not yet reached widespread use. However, the potential for these methods to be employed in future attacks remains a concern as AI technologies continue to evolve.
Tactics & Techniques
Phishing attempts now frequently include descriptive HTML comments, emojis, and overly formal language, which are indicators of AI-generated content. The most common phishing schemes observed were:
- 18.6% for free product offers
- 13.1% impersonating financial services
- 8.3% involving fake invoices
- 8.2% impersonating HR teams
Moreover, phishing emails instructing targets to call malicious numbers have surged by 500% in late 2025. These tactics demonstrate a clear trend toward more personalized and deceptive phishing strategies, making it crucial for users to remain vigilant.
Defensive Measures
As AI phishing attacks become more prevalent, individuals and organizations must adopt stronger security measures. Here are some recommended actions:
- Educate employees about recognizing phishing attempts, especially those that appear highly personalized.
- Implement advanced email filtering solutions that can detect and block suspicious attachments, including SVGs.
- Encourage reporting of phishing emails to improve organizational awareness and response strategies.
- Stay updated on the latest phishing trends and tactics to better prepare for potential threats.
By understanding the evolving landscape of phishing attacks, users can better protect themselves against these sophisticated threats. Awareness and education are key to staying one step ahead of cybercriminals.