Why DMARC matters: Protect your organization from evolving phishing threats

Phishing campaigns continue to change. Attackers are adapting faster than traditional security tools, using more subtle methods to bypass filters and reach inboxes. The latest KnowBe4 Phishing Threat Trends Report (2025) shows a steady increase in attacks that slip through email security platforms and a growing use of techniques that avoid detection, increasing 173% since September 2024.

In this post, learn about the key challenges facing organizations in 2025, why traditional email defenses fall short, and why implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC) through Red Sift OnDMARC should be your priority.

A changing field of tactics

In 2024, over 80% of phishing emails included small changes — such as edited subject lines, sender names, or logos — that made them harder to detect. These subtle variations allow attackers to send nearly identical emails that don’t trigger blocklists or signature-based detection.

Some campaigns also use invisible characters, odd symbols, and mismatched metadata to get around filters. These small changes disrupt email grouping techniques, which many detection tools rely on to block similar threats.

Attackers also continue to use shared inboxes and delegate accounts to reach more people inside organizations. These campaigns often target hiring teams, with fake résumés and application emails designed to blend in with legitimate recruitment processes.

Ransomware continues to spread through phishing

Ransomware payloads delivered via phishing grew by over 20% in the last six months. Attackers are using techniques like HTML smuggling and password-protected zip files to hide malicious content inside email attachments. These payloads are often disguised with filler content and hidden URLs to avoid triggering standard security alerts.

Once the ransomware lands, it relies on simple prompts or fake system alerts to trick users into running the file. After execution, it blocks user controls and encrypts data, leading to downtime, recovery efforts, and potential data loss.

These attacks often bypass security tools that rely on scanning known file types, URLs, or hashes. Newer obfuscation techniques make those signatures unreliable. Without stronger controls at the point of delivery, phishing remains a simple way for attackers to get ransomware into an organization.

Traditional email defenses can’t keep you protected

Many organizations still depend on Microsoft 365 and Secure Email Gateways (SEGs) to protect users from phishing. But the report shows a 47% increase in phishing emails that bypass these systems.

Why? Because these tools often rely on fixed rules: if a sender’s reputation is clean, or the URL isn’t flagged, the message gets through. But attackers now send messages from compromised accounts, hijacked domains (like Google Docs or Dropbox), and cloud platforms. These messages appear trustworthy but carry malicious links or files.

Attackers also use email body images, QR codes, Unicode characters, and subject line tricks that security filters don’t always catch. These tactics help them avoid detection, even by advanced filters using natural language processing.

To close these gaps, organizations need layered security. But more importantly, they need to stop phishing emails from appearing legitimate in the first place and ensure full visibility of their email ecosystem.

DMARC: Your best defense

DMARC prevents unauthorized senders from using your domain to send email. When properly enforced, it stops domain spoofing, Business Email Compromise (BEC) and phishing emails from reaching customers, partners, and employees. 

Advice from the experts

DMARC is a powerful tool, but the individual user should still remain vigilant against compromised or hijacked accounts. The best cybersecurity defense is a multi-layered approach that includes DMARC, alongside robust password management, avoidance of suspicious links and regularly updating your security information.

Implementing DMARC doesn’t need to be a headache. With Red Sift OnDMARC, you can simplify the process by removing the manual work of analyzing DMARC reports to spot threats, while streamlining your journey to full enforcement (p=reject) with confidence. 
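To show what the manual report analysis mentioned above involves, here is an added example (not Red Sift's code and not part of the original post) that reads a DMARC aggregate report in the RFC 7489 XML format and lists the sending IPs whose mail failed both DKIM and SPF. The sample report, domains and IP addresses are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample of an RFC 7489 aggregate (RUA) report; the domains and
# IPs are documentation placeholders, not real data.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>43</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.5</source_ip><count>9</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""

def summarize(report_xml):
    """Return (published policy, {source_ip: count of DMARC-failing messages})."""
    root = ET.fromstring(report_xml)
    policy = root.findtext("policy_published/p", default="none").strip().lower()
    failing = defaultdict(int)
    for row in root.iterfind("record/row"):
        dkim = row.findtext("policy_evaluated/dkim", default="fail").strip().lower()
        spf = row.findtext("policy_evaluated/spf", default="fail").strip().lower()
        # DMARC passes when either the aligned DKIM or the aligned SPF result passes.
        if dkim != "pass" and spf != "pass":
            ip = row.findtext("source_ip", default="unknown").strip()
            failing[ip] += int(row.findtext("count", default="0"))
    return policy, dict(failing)

def readiness(report_xml):
    """Summarize how much mail fails DMARC and whether the domain is at p=reject."""
    policy, failing = summarize(report_xml)
    return {"policy": policy, "enforced": policy == "reject",
            "failing_messages": sum(failing.values()), "sources": sorted(failing)}

if __name__ == "__main__":
    print(readiness(SAMPLE_REPORT))
```

Aggregate reports arrive from third parties, so production code should parse them with a hardened XML parser such as defusedxml rather than the standard library parser used here.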

OnDMARC supports organizations by preventing phishing attacks at their source. By enforcing DMARC with OnDMARC, organizations prevent unauthorized senders from using their domain to deliver malicious emails, cutting off a key attack method before it reaches the inbox. OnDMARC simplifies deployment with guided workflows, visibility into email authentication, and automated recommendations to fix issues quickly. 

Combined with its support for SPF, DKIM, TLS reporting, and MTA-STS assessments, OnDMARC gives organizations the control and insight they need to protect their domain, maintain trust, and reduce the risk of phishing, ransomware, and business. Get started today with a free 14-day trial.

PUBLISHED BY

Jack Lilley

16 Apr. 2025
