
Malware threats through harmful URLs surpass email attachments as the most prevalent form of online danger

Malicious URLs are now used four times as often as email attachments in cyber threat campaigns, according to research from Proofpoint.


In the ever-evolving world of cybersecurity, a new report from Proofpoint reveals a significant shift in phishing tactics. Over the past year, there has been a sharp rise in the number of phishing and URL-based attacks, with around 3.7 billion URL-based threats observed over a six-month period.

This trend towards URL-based attacks is concerning: malicious URLs are now used four times as often as attachments in email threats. Defending against these threats requires a multi-layered, AI-powered detection strategy, coupled with a human-centric security approach.

Cybercriminals increasingly prefer URLs over attachments because they are easier to disguise and more likely to evade detection. The primary attacker goal remains credential theft, often achieved through impersonation of trusted brands and fake error or CAPTCHA prompts designed to lure users into running malicious code or submitting personal information.

Some URL-based credential phishing campaigns with high volumes have been facilitated by off-the-shelf 'phish kits' like CoGUI and Darcula. CoGUI, primarily used by Chinese-speaking threat actors, is one such tool that allows low-skilled actors to deploy highly convincing campaigns.

Another worrying trend is the rise in QR code phishing threats. Over 4.2 million QR code phishing attacks were identified in the first half of 2025 alone. When scanned, these codes redirect users outside conventional security monitoring systems, bypassing typical enterprise protections.

Cybercriminals are also leveraging smishing (SMS phishing) campaigns. Smishing attacks have increased by approximately 250% in 2025. Attackers use SMS messages with malicious URLs to trick mobile users into credential theft or malware downloads.

To evade detection, cybercriminals are using advanced social engineering techniques and AI-generated content to create their malicious URLs. Around 80% of phishing attacks in 2025 involve AI-generated emails or messages, often created with large language models that produce convincing, high-text-volume emails rapidly and at scale.

Emerging techniques such as blob URI phishing and malicious media in messaging apps are also being used to deliver malware and steal data. Blob URI phishing attacks use browser-based tactics to evade AI and security filters, while malicious media in messaging apps, such as seemingly harmless memes on WhatsApp, delivers malware once downloaded.

In summary, the evolving threat landscape underscores the need for advanced detection technologies, user education focusing on identifying URL anomalies and phishing cues, and defense strategies that include monitoring for QR code and SMS phishing vectors. As the tactics used by cybercriminals become more sophisticated, it is crucial for organisations and individuals to stay vigilant and adapt their security strategies accordingly.


Cybersecurity professionals in finance must recognize the increase in URL-based attacks, as malicious URLs are now used four times as often as attachments in email threats. To combat these threats, a multi-layered security strategy that includes AI-powered detection and human-centric security approaches is necessary.

In addition to URL-based threats, cybercriminals are also leveraging QR code phishing attacks and smishing campaigns, making it essential for organizations to expand their defense strategies to include monitoring for these vectors.
