Phishing complaints surge 85% year over year, report says

A recent consumer report finds that phishing and spoofing attacks are climbing, with AI helping fraudsters refine their tactics.

What happened

Phishing and spoofing scams increased by more than 85% year over year, according to a new report from the National Consumers League covered by CNET. The report analyzed 1,376 fraud complaints and found that the average financial loss per incident more than doubled from $1,000 to $2,060. Web-based scams accounted for 48% of complaints, signaling a shift away from phone-based fraud as the dominant tactic. The findings align with broader federal data showing consumer fraud losses continue to increase, with the US Federal Trade Commission reporting more than $12 billion in losses in 2024, representing a 25% increase from the previous year.

Going deeper

Generative AI is changing how phishing campaigns are crafted and delivered. Attackers now use AI tools to clone voices, create deepfakes, localize scam messages, and tailor language to specific victims, making fraudulent communications far more convincing. Instead of sending poorly written mass emails, scammers can quickly generate polished messages that closely resemble legitimate organizations or trusted contacts. Younger adults are not immune to these tactics. Millennials accounted for 39.8% of total fraud complaints in the National Consumers League report, and complaints from adults aged 26 to 35 increased by 68.1% year over year. Older adults aged 56 and above still represented 37.94% of complaints, showing that phishing risk spans generations.

What was said

John Breyault, Vice President of Public Policy, Telecommunications and Fraud at the National Consumers League, said in a statement cited by CNET on March 2, 2026, “Given widespread evidence that scammers are increasingly using artificial intelligence tools to craft better pitches, the rise in phishing complaints is particularly concerning.” His comments accompanied the release of a new NCL report and point to growing concern that AI tools are making it easier for criminals to create more convincing and effective fraud campaigns.

In the know

Federal enforcement data supports the trend identified in the NCL study. The Federal Trade Commission reported that Americans lost more than $12 billion to fraud in 2024, a 25% increase year over year, marking the highest annual loss recorded by the agency. FTC data shows online scams account for a growing share of complaints, with impersonation scams, investment fraud, and email-based schemes among the most common. Rising complaint volumes and higher average losses suggest phishing has moved beyond small-scale opportunistic activity into a scalable, technology-driven fraud model that combines social engineering, meaning psychological manipulation, with artificial intelligence-driven personalization.

The big picture

An 85% surge in phishing complaints is being described as the "canary in the coal mine" for a security environment struggling to keep pace with AI-driven attacks. According to the Paubox 2026 Healthcare Email Security Report, 74% of breached organizations lacked effective DMARC enforcement, allowing AI-crafted spoofed emails to reach inboxes unchecked. Risk is compounded by internal exposure, as 85% of healthcare IT leaders suspect staff are using unauthorized AI tools, creating "Shadow AI" pathways that attackers can exploit.

As AI-generated scams become nearly indistinguishable from legitimate clinical communication, 41% of organizations are now classified as "High Risk," a ten-point increase year over year. The findings suggest that "brand-name solutions alone aren't preventing breaches" without consistent enforcement, reinforcing the need for "security by default" and AI-powered inbound defenses such as ExecProtect+ to block credential-focused fraud before damage occurs.

FAQs

Why is AI making phishing more effective?

AI enables attackers to generate realistic language, mimic writing styles, clone voices, and produce convincing multimedia content, increasing the credibility of scam messages and reducing obvious warning signs.

Are younger adults less vulnerable to phishing scams?

The NCL data indicate that younger adults are increasingly targeted and affected, with significant year-over-year growth in complaints among adults aged 26 to 35.

Why are web-based scams increasing compared with phone scams?

Online platforms allow scammers to automate outreach at scale and use AI tools to personalize messages, making web-based channels more efficient for large-scale fraud operations.

What types of scams are most common in these reports?

Common categories include fake check scams, sweepstakes fraud, internet merchandise scams, impersonation schemes, and investment scams.

How can individuals verify suspicious communications?

Independent verification is recommended, including researching phone numbers, business names, and websites directly rather than relying on caller ID, embedded links, or contact information provided in unsolicited messages.