Tech News

Tech Business News

  • Home
  • Technology
  • Business
  • News
    • Technology News
    • Local Tech News
    • World Tech News
    • General News
    • News Stories
  • Media Releases
    • Tech Media Releases
    • General Media Releases
  • Advertisers
    • Advertiser Content
    • Promoted Content
    • Sponsored Whitepapers
    • Advertising Options
  • Cyber
  • Reports
  • People
  • Science
  • Articles
    • Opinion
    • Digital Marketing
    • Gaming
    • Guest Publishers
  • About
    • Tech Business News
    • News Contributions -Submit
    • Journalist Application
    • Contact Us
Reading: Mimecast Report Reveals 500% Surge In Human-Targeted ClickFix Cyberattacks
Share
Font ResizerAa
Tech Business NewsTech Business News
  • Home
  • Technology News
  • Business News
  • News Stories
  • General News
  • World News
  • Media Releases
Search
  • News
    • Technology News
    • Business News
    • Local News
    • News Stories
    • General News
    • World News
    • Global News
  • Media Releases
    • Tech Media Releases
    • General Press
  • Categories
    • Crypto News
    • Cyber
    • Digital Marketing
    • Education
    • Gadgets
    • Technology
    • Guest Publishers
    • IT Security
    • People In Technology
    • Reports
    • Science
    • Software
    • Stock Market
  • Promoted Content
    • Advertisers
    • Promoted
    • Sponsored Whitepapers
  • Contact & About
    • Contact Information
    • About Tech Business News
    • News Contributions & Submissions
Follow US
© 2022 Tech Business News- Australian Technology News. All Rights Reserved.
Tech Business News > Reports > Mimecast Report Reveals 500% Surge In Human-Targeted ClickFix Cyberattacks
Reports

Mimecast Report Reveals 500% Surge In Human-Targeted ClickFix Cyberattacks

Mimecast’s 2025 Global Threat Intelligence Report reveals a sharp rise in human-focused cyber risks, including a 500% surge in ClickFix schemes now making up nearly 8% of all attacks. Drawing on analysis of over 24 trillion data points from 43,000 customers, the report highlights the growing use of AI-powered phishing

Editorial Desk
Last updated: October 24, 2025 7:16 pm
Editorial Desk
Share
SHARE

Mimecast, a global cybersecurity leader redefining how organisations secure human risk, today published its 2025 Global Threat Intelligence Report, examining threat activity in 2025.

According to the report, threat actors are pivoting their tactics to approach human touchpoints from every angle – inside business flows and across channels – to deploy coordinated campaigns that overwhelm traditional defenses.

The data reveals key trends, including the rise of smarter, AI-powered phishing and social engineering attacks, and threat groups increasingly using trusted services to evade detection and reach targets.

In fact, Mimecast analysis found that phishing accounts for 77% of all attacks up from 60% in 2024 with attackers likely leveraging more AI tools.

“We’re seeing a clear evolution in attacker behavior in 2025, headlined by an exponential rise in AI-driven threats,” said Ranjan Singh, Mimecast Chief Product & Technology Officer.

“Financial platforms, regulatory agencies, and city governments have all been targeted by profit-driven ransomware groups and highly organised, state-sponsored adversaries,”

“Threat actors are doubling down on human-focused attacks and exploiting trusted business services as their primary means of intrusion, making employee awareness and resilient systems more essential than ever.”

AI-Enhanced Deception: Smarter Phishing and Social Engineering

This human-focused approach begins with sophisticated deception tactics. Generative AI is giving threat actors more power to create the perfect lure, impersonating vendors, partners, and employees.

They are now able to craft convincing email chains, synthetic voices, and audio messages that can bypass detection tools.

Mimecast research reports a significant increase in social engineering attacks, including schemes like ClickFix, AI-augmented phishing, and business email compromise (BEC).

These attacks are becoming increasingly sophisticated, with attackers leveraging automated conversation chains to create the illusion of legitimate communication in phishing emails, often impersonating senior executives and using urgent language.

Mimecast’s Threat Research Team recently identified a large-scale BEC invoice fraud campaign targeting global organisations, in which attackers used AI-generated email content, urging payment requests to exploit business processes.

ClickFix schemes in particular – where attackers use fake error messages or verification prompts to trick users into copying and running malicious commands on their own devices – increased more than 500% in the first six months of the year, accounting for nearly 8% of reported attacks. 

Exploiting Trust: Attackers Weaponise Everyday Business Tools

Building on these AI-enhanced deception techniques, attackers are simultaneously exploiting the trusted business tools employees use daily. 

The trend of living off the land continues to evolve, with attackers increasingly living off trusted services (LOTS).

They are finding new ways to exploit essential platforms like Adobe Pay, DocuSign, and Salesforce within their attack chains – with virtual meeting room and hosting service DocSendbecoming the most abused service in 2025.

Central to this trust exploitation strategy, threat actors are also using legitimate and custom CAPTCHA services to both better trick victims and slow threat intelligence analysts’ ability to detect attacks.

Thousands of unique malicious CAPTCHA-protected URLs are detected each month, with more than 900,000 detections of Scattered Spider using this technique in the U.S. and UK. 

AI further empowers attackers to craft highly convincing phishing messages to support delivery via these tools, blurring the line between legitimate business activity and malicious behavior.

Multichannel Attacks: Attackers Evade Detection

Completing this three-pronged strategy targeting human vulnerability, attackers are now coordinating across multiple communication channels to evade detection. 

To bypass organisational defenses that monitor unusual network and IT activity, attackers are increasingly shifting across communication channels.

For example, phishing emails may now include phone numbers for victims to call, which reduces visibility and makes attacks harder to detect.

This tactic has been observed in high-profile incidents, including executive impersonation and IT support scams. AI-generated voices and deepfake technology are amplifying the effectiveness of these multichannel attacks, making them even more convincing and difficult to defend against.

Industry-Specific Threats: Attackers Target High-Value Sectors with Tailored Tactics

Many of these attacks are targeting certain industries based on the nature of their operations and the value of their assets.

Professional Education, IT Software, Telecommunications, Real Estate, and Legal organizations experience a higher volume of impersonation attacks, as these sectors often have direct access to high-value targets, handle sensitive financial transactions, and manage confidential client information.

Notably, real estate professionals were hit with substantially more phishing attacks than workers in other industries, underscoring the sector’s growing exposure to social engineering threats.

The Mimecast Threat Research Team also recently uncovered a phishing campaign targeting hospitality industry professionals.

Attackers used fraudulent email impersonation and large-scale credential harvesting targeting trusted hotel management platforms like Expedia and Cloudbeds.

As cybercriminals continue to adapt their tactics to exploit sector-specific vulnerabilities, organizations across all industries must prioritise proactive threat detection, employee awareness, and layered defense strategies to stay ahead of evolving attacks.

“Cyber defense can no longer be treated solely as a technology issue,” said Mimecast Chief Information Security Officer, Leslie Nielsen. “It’s equally about people and organisational resilience.

“Since last year, cybercriminals have significantly increased their use of trusted services to bypass technical defenses that might otherwise block attacks,”

“Countering these threats requires organisations to adapt by preparing employees to recognise suspicious activity and leveraging tools like AI internally to enhance both business workflows and security operations,” 

“As threat actors continue to target the human layer through deception, trust exploitation, and multichannel coordination, building awareness and resilient response capabilities becomes critical.” said Nielsen

ByEditorial Desk
The TBN team is a well establish group of technology industry professionals with backgrounds in IT Systems, Business Communications and Journalism.
Previous Article Yubico Showcases Post-Quantum Cryptography & Digital Identity Innovation Yubico Unveils Advancements in Post-Quantum Cryptography and Digital Identity
Next Article The Supplement Industry's scam The Supplement Industry’s Billion-Dollar Marketing Mirage: What The Science Actually Shows
Leave a Comment

Leave a Reply Cancel reply

You must be logged in to post a comment.

Mimecast’s 2025 Global Threat Intelligence Report - Ranjan Singh

Tech Articles

Top Big Tech Companies 2026

The Big Tech Companies Actually Winning In 2026 — And Numbers That Prove It

Top tech companies in 2026 included AppLovin, AWS, Microsoft, Meta,…

May 20, 2026
Why is APAC losing the war on digital fraud

Why APAC is Losing Ground In The Fight Against Digital Fraud

Why APAC is losing the war on digital fraud is…

May 6, 2026
The Internet’s Best Blogs Didn’t Vanish — They Were Stripped for Parts by SEO Parasites

The Internet’s Best Blogs Didn’t Vanish — They Were Stripped for Parts by SEO Parasites

How some of the internet’s best independent blogs were quietly…

June 3, 2026

Recent News

Scams
Reports

Australians lose a whopping $323 million to scams in 2021, up 84% from the previous year

11 Min Read
Latest XY Sense Workplace Utilization Data: Despite Global Back-to-Office Mandates in Q2
Reports

Workplace Utilisation Index Report Showed Office Occupancy Rates Stalled At 30% In Q2

5 Min Read
Scam reports skyrocket smishing’ robs Australians of millions - Tech News
Reports

Scam Reports Skyrocket As Conversational ‘Smishing’ Robs Australians Of Millions

5 Min Read
Mcafee Threat Prediction Tech News
CyberReports

McAfee Enterprise & FireEye Predict Top Cyber Threats

3 Min Read
Tech News - Technology Business

Tech Business News

In 2026, technology news is shaping business outcomes faster than ever—driven by AI adoption, rising cyber risk, cloud modernisation, data regulation, and constant platform change.
 
Tech News keeps Australian organisations and industry professionals informed with timely reporting and practical coverage across AI, cybersecurity, cloud, enterprise IT, startups, science, people and business, plus major world and local news impacting the tech sector.
 
Tech Business News publishes news and analysis designed to be clear, relevant, and easy to act on. It supports the industry with technology news reports, whitepaper publishing services, and a range of media, advertising and publishing options 

About

About Us 
Contact Us 
Privacy Policy
Copyright Policy
Terms & Conditions

July, 06, 2026

Contact

Tech Business News
Melbourne, Australia
Werribee 3030
Phone: +61 431401041

Hours : Monday to Friday, 9am 530-pm.

Tech News

© Copyright Tech Business News 

Latest Australian Tech News – 2026

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?