FRAUD & ID VERIFICATION
AI as a partner in cybercrime
Long gone are the days of spotting phishing emails by their ridiculous grammatical errors and ludicrous spelling mistakes. Generative AI now allows threat actors to craft flawless, compelling phishing emails that impersonate vendors, partners and employees. This has led to a dramatic rise in ClickFix schemes, AI-augmented phishing and Business Email Compromise (BEC). Mimecast has noted a significant increase in the sophistication of the social engineering attacks that exploit human vulnerabilities, especially with ClickFix schemes.
In such schemes, attackers use fake error messages or verification prompts to lure users into copying and pasting malicious commands on their own devices.
“Financial platforms, regulatory agencies, and city governments have all been targeted by profit-driven ransomware groups and highly organised, state-sponsored adversaries”
Ranjan Singh, Chief Product & Technology Officer, Mimecast
Attackers are Living Off Trusted Services (LOTS)
Cyber attacks that exploit human trust by using services and business tools that employees interact with daily are shown to be evolving. Platforms like Adobe Pay, DocuSign and Salesforce are weaponised in attackers' schemes, with the report showing that DocSend was the most abused service in 2025.
Threat actors use legitimate, customised CAPTCHA services not just to trick victims, but also to slow threat detectors’ ability to detect attacks.
Mimecast has detected over 900,000 unique CAPTCHA-protected URLs each month in the US and UK, linked to the notorious cybercrime group Scattered Spider.
Ranjan says that threat actors are abandoning traditional malware in favour of legitimate Remote Monitoring and Management (RMM) tools like ScreenConnect, TeamViewer and AnyDesk.
“These legitimate tools provide persistent remote access while blending with authorised business software,” he says. “They’re often whitelisted, making detection exponentially harder than traditional malware.
“Email security has become so effective at catching malware, that attackers have completely changed tactics. They’re no longer deploying malicious code, they’re weaponising your trusted software.”
January 2026