Australians are in the crosshairs of cyber criminals who are unleashing a new wave of AI-powered phishing scams impersonating popular brands including Telstra, according to new data from Gen – the company behind internet security company Norton.
Gen has just released its threat report which looks at Q1 2025 and found a 186 per cent surge in breached personal information, a 466 per cent spike in phishing reports and a 17x increase in the number of fake browser update scams.
One scam was aimed at customers who use Telstra email.
Scammers would send a link to fake Telstra log-in page in a bid to expose their password and personal details.
“Online threats are evolving at a startling pace,” said Siggi Stefnisson, Cyber Safety CTO at Gen.
“Attackers are moving away from broad, indiscriminate campaigns to highly personalised, AI-enhanced deception.
“Breached data and AI tools are giving cybercriminals just enough personal information and design sophistication to more easily manipulate people.
“That’s why we constantly evolve our cybersecurity solutions to be an interactive partner in fighting scams and to be one step ahead of cybercriminals.”
Here are the notable trends from the Q1 2025 Gen Report:
DATA BREACHES
There has been a 36 per cent increase in the number of company breaches compared to the previous quarter while individual breaches grew by more than 186 per cent and exposed sensitive information like passwords, emails and credit card details.
Scammers used sophisticated, fast and hard-to-detect malware like Lumma Stealer, which is designed to sniff out browser passwords, cookies, cryptocurrency, data from email clients and much more.
PHISHING SCAMS
Phishing scams increased by a massive 466 per cent compared to the previous quarter and now makes up almost 32 per cent of all scam submissions to the Norton Genie Scam detector.
Data shows that some advanced phishing campaigns can mimic legitimate login portals with trusted domains.
Recently scams targeting AT&T, Telstra and Xfinity customers were harder to detect and therefore more likely to succeed.
These scams create a sense of panic for potential victims through emails that say they’re experiencing account issues or asking to review sensitive documents.
SCAM YOURSELF ATTACKS
More than four million users were protected by Gen from Scam Yourself Attacks where users, through complex deception, are manipulated into infecting their own devices.
The growth of this type of scam has been helped with the use of AI-generated personas, deep fake influencers and hired actors to deliver these malicious campaigns.
This scam, usually done through compromised YouTube accounts, uses fake CAPTCHA and asks people to verify they are human which instead offers device permissions or downloads malware.
MOBILE FINANCIAL THREATS
Many victims of financial threats are now being targeted through their smartphones with malware like banking trojans that overlay fake login pages to steal sensitive data such as crypto wallet credentials and credit card information.
Digital currencies are also becoming a popular target for financial threats.
In one case, attackers used deep fake videos of public figures spread through compromised YouTube accounts to steal almost $4m across more than 2,000 transactions.
SOCIAL MEDIA SCAMS
Social media platforms are enabling highly-targeted and convincing scams.
In Q1 2025, 63 per cent of all social media related threats were carried out on Facebook followed by YouTube at 22 per cent.
Other platforms like X, (7 per cent), Instagram (3 per cent) and Reddit were also in the mix.
