The European Union has launched its 2025 European Cybersecurity Month (ECSM) campaign, with a clear focus on combating phishing a persistent and evolving cyber threat underpinning 60% of all cyberattacks within the EU and globally. Coordinated by the EU Agency for Cybersecurity (ENISA) and the European Commission, this awareness campaign titled #ThinkB4UClick aims to empower citizens and organizations to recognize and thwart phishing attempts in an era of increasingly sophisticated cybercriminal techniques leveraging artificial intelligence (AI).
Understanding the Phishing Threat Landscape in 2025
Dominance of Phishing in Cybercrime
Phishing continues to be the primary entry point exploited by attackers to infiltrate networks, steal credentials, and disrupt operations. Recent data highlights a substantial increase in the scale and complexity of phishing campaigns:
- According to the Anti-Phishing Working Group (APWG), over 1.13 million phishing attacks were tracked in the second quarter of 2025 alone, marking a 13% increase from the previous quarter. These attacks targeted 345 distinct global brands, illustrating the widespread nature of phishing across sectors.
- Globally, phishing email volumes surged to 102 billion in 2025, a 22% increase year-over-year, with Europe accounting for around 27% of this traffic, underscoring the EU’s central role in the global cybersecurity landscape.
- The rise of Phishing-as-a-Service (PhaaS) platforms has democratized access to sophisticated phishing tools, resulting in a 49% jump in campaigns, especially targeting sensitive sectors like healthcare, which saw a 35% increase in attacks on patient scheduling and billing systems.
The Expanding Scope of Phishing Attack Methods
Phishing variants have diversified, involving not only traditional email scams but also SMS phishing (smishing), voice phishing (vishing), QR-code based phishing (quishing), and complex business email compromise (BEC) schemes. AI-generated phishing content enhances the credibility and scale of phishing campaigns, as over 80% of social engineering attacks now exploit AI to craft more convincing fraudulent messages, blurring the lines between real and fake communications.
Industry and Infrastructure Under Threat
Critical infrastructure and government institutions across 18 EU countries report a 42% rise in phishing attempts, reflecting attackers’ focus on high-impact targets. Mobile device users have become increasingly vulnerable, receiving nearly 28% of all phishing emails, while remote or cloud-based work environments have seen a 30% increase in phishing incidents compared to traditional office setups. On average, phishing campaigns persist for about 96 hours before detection, with spam filters blocking nearly 29 attempts per user monthly, highlighting ongoing challenges in timely threat mitigation.
The EU’s Strategic Response: #ThinkB4UClick Campaign
Campaign Goals and Target Audience
Under the banner of the #ThinkB4UClick initiative, the EU’s cybersecurity campaign emphasizes proactive vigilance and education. Its core message encourages individuals and organizations to pause and verify before clicking links, opening attachments, or sharing sensitive information simple but critical steps to counter phishing’s deceptive tactics.
The campaign targets EU citizens, businesses, educational institutions, and public sector organizations with tailored training modules, simulated phishing exercises, and extensive public outreach. Coordination among EU institutions, member states, civil society, and private stakeholders ensures broad engagement and uniform messaging.
High-Level Endorsements and Messages
Henna Virkkunen, Executive Vice-President for Technological Sovereignty, Security and Democracy at the European Commission, underlined the campaign’s urgency:
“Cybersecurity is not just about technology; it is a critical condition for all sectors of society and a shared responsibility. Phishing attacks and other cyber threats can have devastating consequences, disrupting critical infrastructure and businesses, and undermining trust in the digital world. By staying vigilant and taking simple steps to protect ourselves online, we can all play a role in building a safer digital future.”
Collaborative Actions and Initiatives
The ECSM campaign’s multi-pronged approach includes:
- Public webinars and workshops to educate on phishing recognition.
- Simulated phishing tests for organizations to improve employee awareness.
- Creation and dissemination of up-to-date resources highlighting emerging phishing techniques.
- Engaging social media campaigns to spread cybersecurity best practices among youth and vulnerable user groups.
The initiative aligns with ENISA’s broader mandate to monitor evolving threat landscapes and support member states in strengthening cyber resilience.
Challenges Ahead: AI and Cybercriminal Sophistication
Artificial intelligence has become a double-edged sword in cybersecurity. While AI tools help defenders with threat detection, attackers exploit AI to automate and personalize phishing attacks—creating highly sophisticated, believable scams that can bypass conventional defenses. The convergence of technologies means traditional awareness must evolve rapidly to keep pace with threats.
EU cybersecurity authorities warn that the phishing landscape will continue to intensify, demanding ongoing education, rapid incident reporting, and stronger technical defenses at organizational and national levels.
The EU’s 2025 cybersecurity awareness campaign against phishing represents a vital effort to fortify digital defenses in the face of escalating and increasingly complex cyber threats. Phishing remains the most common and damaging cyberattack vector, exacerbated by advances in AI and expanding digital ecosystems.
Through coordinated public outreach, training, and legislative support, the EU seeks to empower all users from citizens to executives to recognize, resist, and report phishing attacks. The call to action embodied in #ThinkB4UClick stresses that cybersecurity is a shared responsibility fundamental to building trust and securing Europe’s digital future.
As cybercriminals grow ever more adaptive, the EU’s efforts to raise awareness and improve cyber hygiene are indispensable for safeguarding individuals, businesses, and critical infrastructure across the continent.
