Malicious URLs are growing at an exponential pace to become one of the main attack vectors, according to the report Human Factor 2025 Report which reveals a strong escalation of phishing and threats based on these web directions.
The report analyzes the data of the ProofPoint threat intelligence platform and describes how cybercriminals are using advanced social engineering and content generated by AI to make it Malicious URLs are increasingly difficult to identify For users.
Either through email, text messages or collaborative applications, URLs based threats They now dominate the panorama of the cyberamezas. The attackers are not only passed by trusted brands, but also use legitimate services, deceive users with false error messages and avoid traditional security embeding threats in QR codes and SMS messages.
«Today, the most harmful cyber -wing do not go to machines or systems. They go to people. In addition, phishing threats based on URLs are no longer limited to the mail entry tray, but can point to any place are often extremely difficult to identify by users »explains Matt Cooke, proofpoint cybersecurity strategist in EMEA.
Among the main conclusions of the report include:
Malicious URLs emerge as the preferred delivery mechanismand four times more than the attached files in email threats are already used: cybercriminals prefer the URLs to the attachments, since they are easier to camouflage and are more likely to avoid detection. These links are embedded in messages, buttons and even attachments such as PDF or Word documents to induce users to click on them and start the supplantation of credentials or discharge of malware.
Clickfix malware campaigns increased almost 400% year -on -year: Clickfix is a phishing technique that shows false error messages or captures screens to induce users to execute malicious code. Taking advantage of the urgency of solving a technical problem, this method has quickly become a tactic for malware authors, helping them propagate remote access Trojans (Rat), Infostealers and Loaders.
More than 4.2 million phishing threats via QR codes Only in the first half of 2025: QR codes -based attacks leave users outside corporate protections through their personal mobile devices. Once scanned, these codes redirect users to phishing sites designed to collect confidential information, such as credentials, credit card data or personal identifiers, all under the appearance of legitimacy.
Credential Phishing It remains the most frequent objective of the attackers, with 3.7 billion attacks based on URLs aimed at stealing login data: the attackers focus mainly on stealing login data instead of distributing malware. With phishing lures that are passed by trusted brands and use standard tools, such as Phishing Cogui kits and diculacia, even less qualified authors can deploy very convincing campaigns that avoid multifactor authentication and get the total control of the accounts.
Smishing campaigns increase 2,534% As the attackers focus on mobile devices: at least 55% of the alleged phishing messages based on SMS (SMISHING) analyzed by Proofpoint contained malicious URLs. Its appearance often imitates government communications or messaging services and are very effective due to the immediacy and trust that users deposit in mobile text messages, reflecting a change in objective of threats to mobile devices.
