Riyadh, Saudi Arabia – August 17, 2025

Cybersecurity leader Kaspersky has revealed a 22.5% surge in phishing attempts in the Kingdom of Saudi Arabia during Q2 2025, as attackers adopt AI-driven tactics to bypass traditional defenses. The rise underscores a global shift in phishing strategies, where criminals leverage AI-generated deepfakes, voice cloning, and compromised authentication methods to steal biometric data, electronic signatures, and handwritten signatures—data that, unlike passwords, cannot be reset if compromised.

AI-Powered Deception: Beyond Passwords

Modern phishing campaigns now target immutable identifiers, such as:

  • Biometric data (via fake “account verification” prompts requesting camera access).
  • Electronic signatures (through spoofed platforms like DocuSign).
  • Handwritten signatures (via fraudulent document upload prompts).

These attacks exploit AI-generated deepfakes and voice cloning to impersonate trusted figures—such as bank officials or colleagues—to steal sensitive data. For instance, attackers use Google Translate URLs (e.g., https://site-to-translate-com.translate.goog/...) to evade detection, while CAPTCHA integration on phishing sites tricks users into believing the pages are legitimate.

Emerging Threats: From Chrome Exploits to Targeted Scams

Kaspersky’s Operation ForumTroll investigation exposed a sophisticated campaign targeting Russian media, education, and government sectors in early 2025. Attackers sent personalized emails inviting victims to the “Primakov Readings” forum, exploiting a zero-day Chrome vulnerability to compromise systems without user interaction.

“AI transforms phishing into a hyper-personalized, stealthy threat. Attackers no longer aim for passwords—they target irreversible data like biometrics and signatures. Trusted platforms are weaponized, and CAPTCHA is now a cloak for fraud,” warns Olga Altukhova, security expert at Kaspersky.

Stay Protected: Critical Defenses for Individuals & Businesses

To combat this evolving threat, Kaspersky recommends:

  1. Verify all unsolicited messages (even seemingly official ones) and avoid sharing 2FA codes.
  2. Scrutinize suspicious media (e.g., deepfakes with unnatural movements or overly generous offers).
  3. Reject camera access requests from unverified sites and avoid uploading signatures online.
  4. Limit sensitive data sharing (e.g., document scans or work credentials).
  5. Deploy advanced protection:
  • Kaspersky Next (for enterprises)
  • Kaspersky Premium (for individuals)

As cybercriminals weaponize AI, the stakes grow—compromising biometrics or signatures can lead to permanent identity theft. Stay vigilant: never trust unverified requests for personal data.

🔍 Learn more in Kaspersky’s latest report on Securelist.com.

Why this matters: With phishing attempts rising by 22.5% in Q2 2025, businesses and individuals must adapt. AI-driven phishing no longer relies on brute force—it mimics human behavior to steal irreversible data.

📌 Need help securing your systems? Explore Kaspersky’s solutions today.

This article reflects real-world threats. Always cross-verify requests for personal data.