Cyberattackers are using phishing to target government networks more than ever, with the government sector logging a 50% increase in phishing attacks in 2025, according to a new report from the cybersecurity platform provider Zscaler.
The Zscaler ThreatLabz 2026 Phishing and Initial Access report found that phishing attacks on the government rose from 92.4 million to 138.5 million between 2024 and 2025. Globally, government was the third-most targeted industry in the Zscaler cloud, the report said.
“Public sector organizations cannot reduce their digital footprint and attackers know it. The incentives are broader, ranging from disruption to intelligence gathering to influencing operations,” said the report, which contained multiple recommendations to help government and other sectors fight off phishing attacks.
As an example, the report cited a March 2026 Internal Revenue Service (IRS) warning to taxpayers to beware of what it called the Dirty Dozen tax scams.
The tax collection agency “identified impersonation scams as one of the most prevalent threats, where attackers are using email, SMS, and even QR codes to mimic official IRS communications and direct users to fraudulent portals designed to steal credentials and financial data,” the Zscaler report said.
The increase in phishing scams targeting government was something of an outlier, as the report found that the overall volume of phishing attacks declined for a second straight year, dropping nearly 20% year over year in both 2024 and 2025 after peaking at 2 billion hits in 2023.
Email phishing attacks in the education sector, for example, fell 65.6% year over year after seeing “major phishing growth in prior reporting periods.” The report attributed the shift to “the continued hardening of the platforms schools rely on.”
But Zscaler downplayed the overall phishing decrease, calling it “not a retreat, but a recalibration as stronger email controls, identity defenses, and platform-level enforcement disrupt large-scale delivery.”
“Although phishing volume declined in 2025, attackers did not step back,” the report said. “Instead, they shifted their focus towards industries that are the easiest to access and have the biggest risk to lose.”
Artificial intelligence (AI) is fueling what the report called “this next phase of phishing, helping attackers industrialize highly convincing campaigns that look and feel like legitimate business interactions.”
A June 17 Zscaler blog post noted that ThreatLabz identified 413,524 AI-generated site instances, flagging 9% as malicious. Despite the overall decline, it said, the phishing “campaigns that remain are more targeted, more AI-powered, and harder to distinguish from legitimate activity.”
In addition to government, attacks in the services sector surged 65.5% year over year, growing from 330.9 million to 547.7 million hits, the report found.
“Services operate on high volume, trust-based interactions such as billing, onboarding, renewals, and support communications. These are environments where attackers can blend in easily by impersonating vendors, hijacking invoices, and capturing credentials,” the report said.
Overall, it noted, the largest share of phishing activity targeted the United States, but volume declined 13.35% year over year from 773.4 million hits in 2024.
To help cyber defenders fight back, the report listed a series of best practices for “defending against attack surface discovery and initial compromise.”
They included reducing publicly exposed services and metadata that can be harvested; continuously auditing internet-facing assets, misconfigurations, and access paths; patching aggressively and placing applications behind a cloud broker instead of exposing networks; and assuming that any exposed service can and will be probed.