In the first half of 2025, the National Critical Information Infrastructure Protection Centre (NCIIPC), operating under the National Technical Research Organisation (NTRO), detected a significant 1,172 phishing domains. This information was shared with relevant entities to bolster the protection of critical information infrastructure.

Phishing remains a prevalent and evolving cyber threat, impacting individuals and organizations alike. Cybercriminals employ various techniques, including emails, texts, social media posts, and phone calls, to deceive victims into divulging sensitive information or downloading malware. These attacks often impersonate trusted entities, such as well-known brands or government agencies, to enhance their credibility. The consequences of successful phishing attacks can be substantial, ranging from financial losses and identity theft to data breaches and reputational damage.

Several trends have emerged in the phishing landscape in 2025. AI-powered phishing campaigns are on the rise, utilizing sophisticated techniques to craft convincing emails and deepfake impersonations. These AI-generated messages can be exceptionally difficult to detect, mimicking legitimate communication and bypassing traditional security measures. Another notable trend is the increasing use of HTTPS on phishing sites to appear legitimate, which complicates detection for users. Furthermore, attackers are diversifying their tactics by exploiting platforms beyond email, such as Slack, Teams, and social media. Smishing, or SMS-based phishing, is also growing rapidly, with a significant percentage of phishing attacks now delivered via text messages. QR code phishing, known as quishing, has also seen a year-over-year increase.

The NCIIPC's detection of over a thousand phishing domains in the first half of 2025 underscores the persistent and evolving nature of this threat. The agency also conducts annual security exercises across major cities, involving hundreds of participants to strengthen cybersecurity measures. These exercises likely aim to enhance awareness and preparedness among various stakeholders, including government entities, businesses, and individuals.

Several measures can be taken to mitigate the risk of phishing attacks. Organizations should prioritize cybersecurity awareness training for their employees, educating them on how to recognize and report phishing attempts. Such training can significantly reduce the number of successful phishing incidents. Implementing strong email security measures, such as spam filters and anti-phishing software, is also crucial. Additionally, individuals should exercise caution when clicking on links or opening attachments from unknown or suspicious senders. Verifying the legitimacy of requests for sensitive information, especially those received via email or text message, is also essential.

The fight against phishing is an ongoing battle that requires constant vigilance and adaptation. As cybercriminals continue to develop new and sophisticated techniques, individuals and organizations must remain informed and proactive in protecting themselves from these evolving threats.