


Episode #8
Security leaders don’t need more headlines - they need inbox reality: what bypasses filters, what people click, and where to train next.
In this episode, host Eliot Baker sits down with Maxime Cartier, Hoxhunt’s Head of Human Risk Management, to unpack the State of Phishing 2025: why SVG attachments spiked, what still works, how the Microsoft vs. Google stack changes the threat mix, and the training moves that actually change behavior.
What you’ll learn in this episode:
Why SVGs surged: “image-as-code,” how attackers weaponize it, and a typical kill chain.
What still works: PDFs/HTML + DocuSign, HR, and fake voicemail lures.
Inbox layer > filter layer: focus on what reaches people, not what got blocked.
Microsoft 365 vs. Google Workspace: different lure patterns, different coaching.
Metrics that matter: report rate and time-to-report vs. legacy completion stats.
“Report > Don’t Click”: building a high-signal reporting culture without blame.
Verification tactics: quick cross-channel checks that prevent costly clicks.
Program design: simulate what’s bypassing now and coach with instant feedback.
Timestamps:
(00:38) The Cost and Prevalence of Phishing in the Age of AI
(02:11) Good News in Cybersecurity Reports
(03:25) The Importance of Effective Security Training
(06:34) AI's Role in Scaling Phishing Attacks
(08:15) Deep Dive into AI-Generated Phishing
(13:37) AI in Personalized Spear Phishing
(16:52) The Threat of DeepFakes
(18:16) Real-World Examples of DeepFake Attacks
(25:00) Spotting DeepFakes: Tips and Tricks
(27:32) Phishing: The Dominant Threat
(28:51) Top Phishing Trends for 2025
(38:38) Industry-Specific Threats and Insights
(42:16) Innovative AI Solutions for Cybersecurity
All Things Human Risk Management is a Hoxhunt Original Podcast.
Hoxhunt is the Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk.
Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love.
Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.
By Hoxhunt