Browser phishing has surged by 140%, with zero-hour phishing attacks rising 130%, driven by increased browser reliance, zero-day vulnerabilities, and advanced criminal tactics. Attackers are exploiting gen-AI to create convincing phishing sites, bypassing credential theft by embedding malware in PDFs disguised as legitimate documents. Mobile browsers are particularly vulnerable due to limited URL visibility and auto-login features, making them prime targets for phishing. Phishing-as-a-Service (PhaaS) platforms like Tycoon 2FA are accelerating these attacks, accounting for 89% of incidents seen in early 2025. To mitigate these risks, businesses must adopt Browser Detection and Response (BDR) solutions, enforce URL verification practices, and educate users on evolving phishing techniques. Continue here.
