Deepfakes and Phishing: Key Cybersecurity Threats in 2025

deepfake deepfake

Estimated reading time: 5 minutes

By 2025, cybersecurity will no longer be limited to servers or firewalls, but will extend to every employee’s inbox, internal video calls, audio messages received via WhatsApp, or even a simple access request. The reason? The unstoppable rise of phishing, deepfakes, and generative artificial intelligence.

Phishing in 2025: More Credible, Targeted, and Dangerous

Traditional phishing has evolved into one of the most sophisticated and effective threats. Today, attackers don’t just copy a login page or send a generic email; they use generative AI to:

  • Write perfect messages, free of grammatical errors.
  • Imitate a company’s tone of voice or internal language.
  • Customize attacks using real data from LinkedIn or social media.

This combination results in spear phishing, where each attack is tailored to the victim. According to ElDerecho.com, more than 60% of cyberattacks in Spain in 2025 will begin with phishing.

Deepfakes: The Most Dangerous Face of Deception

If phishing relies on words to deceive, deepfakes rely on images and voices. By 2025, it will be technically possible to create a video or audio clip of a CEO requesting an urgent transfer… and no one will doubt its authenticity.

This has given rise to deepfake vishing, an increasingly common form of fraud in corporate settings. “Fake” executives, manipulated recordings, and cloned audio are being used in scams that have already cost companies around the world millions.

According to Red Seguridad, 45% of the most advanced cyberattacks already combine GenAI tools to increase their success rate.

Generative AI has changed everything

The real turning point is not just the emergence of new attacks, but the complete democratization of the tools used to carry them out.

Years ago, faking a video or audio clip required technical expertise, powerful equipment, and a lot of time. However, today anyone with an internet connection can use tools such as:

  • ElevenLabs: for hyper-realistic cloning of human voices.
  • Runway or Pika Labs: to create videos in seconds using text.
  • Midjourney and DALL·E: for creating extremely high-quality fake images.
  • Copilot, Gemini, ChatGPT: for writing emails, scripts, and believable texts in a matter of seconds.

We’re no longer talking about cybercriminals in basements; they can even be amateurs, capable of launching sophisticated attacks with virtually no technical or financial barriers—carrying out, for example, CEO fraud with almost no difficulty.

How should companies respond?

The only possible answer is education, awareness, and prevention.

Here are some practical recommendations for the 2025–2026 school year:

  • Implement multi-factor authentication (MFA) for all sensitive access points.
  • Strengthen internal verification protocols, especially for transfers and critical decisions.
  • Train all employees using real, up-to-date case studies.
  • Use deepfake and phishing detection tools integrated into email, video calls, and internal channels.
  • Promote a culture of cyber awareness, in which reporting concerns or unusual behavior is the norm.

Today’s attacks don’t always bring down systems, but they do undermine trust. And they do so from within, using our own voice, face, or internal structure against us.

Phishing, deepfakes, and generative AI aren’t problems of the future—they’re already here. That’s why it’s important to prioritize preventive, cross-functional, and continuous cybersecurity, where technology and the human factor always go hand in hand.

Date
September 18, 2025

You may also be interested in