---
title: "Scan Carefully First, Education Under Threat, AI Phishing Surge | DMARC Report"
description: "Scan Carefully First, Education Under Threat, AI Phishing Surge from DMARC Report explains practical steps for email authentication, domain protection."
image: "https://dmarcreport.com/og/blog/scan-carefully-first-education-under-threat-ai-phishing-surge.png"
canonical: "https://dmarcreport.com/blog/scan-carefully-first-education-under-threat-ai-phishing-surge/"
---
Quick Answer
\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report Scan Carefully First, Education Under Threat, AI Phishing Surge
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fscan-carefully-first-education-under-threat-ai-phishing-surge%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Scan%20Carefully%20First%2C%20Education%20Under%20Threat%2C%20AI%20Phishing%20Surge&url=undefined%2Fblog%2Fscan-carefully-first-education-under-threat-ai-phishing-surge%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fscan-carefully-first-education-under-threat-ai-phishing-surge%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fscan-carefully-first-education-under-threat-ai-phishing-surge%2F&title=Scan%20Carefully%20First%2C%20Education%20Under%20Threat%2C%20AI%20Phishing%20Surge "Share on Reddit") [ ](mailto:?subject=Scan%20Carefully%20First%2C%20Education%20Under%20Threat%2C%20AI%20Phishing%20Surge&body=Check out this article: undefined%2Fblog%2Fscan-carefully-first-education-under-threat-ai-phishing-surge%2F "Share via Email")
> Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.
\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report
Scan Carefully First, Education Under Threat, AI Phishing Surge
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-38909” readonly/>
```
```
Last week was all about phishing attacks that targeted naive users left, right, and center. Research findings revolved around an upsurge in AI-backed phishing attacks, while experts have noticed phishing QR codes as an emerging threat in the [cybersecurity](https://dmarcreport.com/blog/how-to-educate-or-train-employees-on-cybersecurity/) landscape. Meanwhile, India has been experiencing 3,100 phishing attacks per week.
The silver lining in the dark clouds is that a group of students used phishing tactics against their teachers, but with good intentions.
## **Think twice before scanning that QR code next time!** QR codes have become popular since the **advent of the pandemic**. They have easily penetrated into our daily lives. But experts suggest using QR codes with extra caution, as phishing actors have started to abuse QR codes for their [malicious intentions](https://www.foxnews.com/us/brown-shooting-videos-show-malicious-intent-awkward-gait-clues-identify-him-body-language-expert).
As of 2025, DMARC is mandatory under multiple compliance frameworks. [CISA BOD 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) requires p=reject for US federal domains. [PCI DSS v4.0](https://www.pcisecuritystandards.org/) mandates DMARC for organizations processing payment card data as of March 2025\. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and [Microsoft began rejecting](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) non-compliant email in May 2025\. The UK [NCSC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing), Australia’s [ASD](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-email), and Canada’s [CCCS](https://www.cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection) all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.
On average, out of 75,000 QR codes, [15%](https://unit42.paloaltonetworks.com/qr-codes-as-attack-vector/) are associated with malicious links. This means a whopping 11,000 QR code-based phishing attempts are being made on a daily basis.
Today, threat actors use multiple strategies and tactics to evade detection and **security controls**. Some of the common tricks that they use involve QR code shorteners, direct app file downloads, and in-app deep links. These are not the simple QR code scanning-based [threat attacks](https://www.aljazeera.com/news/2026/1/28/make-deal-or-face-far-worse-attack-trump-tells-iran-in-new-threat). Rather, the evolution of attack strategies hints at the sophistication, intelligence, and adaptability of the phishing actors. \*\*Cybersecurity experts recommend regular analysis of [QR codes](https://www.fortinet.com/resources/cyberglossary/what-is-a-qr-code) on different websites. These can be done with the help of security crawlers and similar security solutions . Also, different QR code detection techniques, such as [deep links](https://apptrove.com/what-is-deep-links/), standard HTTPS URLs, and Non-URL content, can be used to understand the different types of data stored in QR codes.
## \*\*The Indian education sector is facing 3,100 threat attacks per week India has a mind-boggling [950 million](https://www.deccanherald.com/technology/india-faces-3100-weekly-cyber-attacks-education-sector-worst-hit-amid-ai-surge-3901577) active users on the internet. At the same time, the South Asian nation is experiencing a spike in digital crimes. Experts believe that gen AI is further fueling the situation of crisis as more and more threat actors are getting sophisticated with their threat campaigns.
A[report](https://www.deccanherald.com/technology/india-faces-3100-weekly-cyber-attacks-education-sector-worst-hit-amid-ai-surge-3901577) suggests that India is experiencing \*\*3,100 weekly threat attacks, which is **2%** higher than last year. The worst-hit sector in India currently is the educational sector. Each academic organization is being targeted as many as \*\*7684 times every week! Apart from the educational sector, business entities and government organizations are also being targeted by [threat actors](https://cybersecuritynews.com/beware-of-fake-shops-from-threat-actors/).
The [VP of Research](https://researchroles.northwestern.edu/vice-president-for-research/) at **Check Point, Lotem Finkelstein**, believes that artificial intelligence is tremendously improving the game for the threat actors. AI not just helps them to boost the volume of the work, but it also enables them to transition from manual processes to [high-end automations](https://www.linkedin.com/company/high-end-automation).
## **AI-backed phishing attacks spiked in 2025!** Cybersecurity experts have noticed a [significant spike in AI-powered phishing attacks ](https://cyberpress.org/ai-phishing-attacks-surge/)that have the ability to bring a paradigm shift in the cyber fraud landscape. Conventional phishing tactics are no longer relevant. So cybercrooks use high-end, sophisticated AI-backed phishing tactics to evade **security systems**.
The reason for the increased success rate of AI-powered phishing attacks is the deep analysis of the target’s likes and dislikes, online behavior, and other factors. The same data is then leveraged to come up with [hyper-personalized emails](https://glockapps.com/blog/unlock-the-full-potential-of-email-marketing-through-hyper-personalization/), voice calls, or text messages. These malicious messages and emails sound legitimate and safe .
Enterprises are required to analyze and upgrade their current cybersecurity mechanisms. From base-level employees to top-level executives, teams must be trained around basic [digital hygiene](https://www.forbes.com/councils/forbestechcouncil/2025/11/14/digital-hygiene-habits-that-strengthen-business-and-personal-security/) and intricate cybersecurity mechanisms. Deploying apt cybersecurity setups and using AI tools cautiously can also help \*\*safeguard your data \*\*against AI-backed, sophisticated [phishing campaigns](https://www.malwarebytes.com/blog/news/2026/01/phishing-campaign-abuses-google-cloud-services-to-steal-microsoft-365-logins).
Cybersecurity experts are urging organizations to \*\*strengthen email security by properly implementing [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://dmarcreport.com/blog/how-spf-can-help-organizations-in-improving-email-security-and-thwarting-spam-phishing-and-email-spoofing/) protocols to combat rising [phishing and spoofing](https://www.scworld.com/brief/fbi-us-officials-spoofed-in-ongoing-voice-sms-phishing-campaign) attacks worldwide.
## **Teachers duped by students, but with good intentions!** 
[164 ](https://www.edweek.org/technology/these-students-tricked-teachers-with-phishing-emails-for-a-good-cause/2026/02)employees of the Eminence Independent School received [malicious emails](https://www.securitymagazine.com/articles/100687-the-last-six-months-shows-a-341-increase-in-malicious-emails). Each of these emails looked urgent, genuine, and coming from an official source an educational institution based in a **rural Kentucky district**. The emails consisted of two very short, generic paragraphs that asked the staff to click on a link and acknowledge the latest guidelines. Out of the 164 recipients, \*\*29 employees fell prey to the trap. When they clicked the allegedly [malicious link](https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html), they were redirected to a page signed by the school’s students. The page informed employees that they had fallen victim to a malicious email.
The page also stated that these emails were sent to “inform people about the dangers of phishing and ways to avoid losing their personal information.” The page promised the recipients that more information would be shared in the upcoming days.
This was an assignment designed by Jennifer Gilbert, the school librarian, to educate school staff and students about phishing attacks. \*\*Gilbert believes that basic cybersecurity lessons are [non-negotiable](https://www.investopedia.com/terms/n/nonnegotiable.asp) in today’s time.
## Sources
- [CISA Binding Operational Directive 18-01](https://www.cisa.gov/news-events/directives/bod-18-01)
- [Microsoft Outlook DMARC Enforcement May 2025](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) (2025)
- [PCI DSS v4.0 - DMARC Requirement](https://www.pcisecuritystandards.org/) (2025)
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/)
[ Vasile Diaconu ](/authors/vasile-diaconu/)
Operations Lead
Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.
[LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 8m 10 Critical Learnings From Verizon’s 2021 DBIR - A DMARCReport Perspective Nov 25, 2025 ](/blog/10-critical-learnings-from-verizons-2021-dbir-a-dmarcreport-perspective/)[ Foundational 12m 10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[ Foundational 12m 10 Email Spoofing Detection Tools That Dramatically Improve Brand Protection Nov 11, 2025 ](/blog/10-email-spoofing-detection-tools-that-dramatically-improve-brand-protection/)[ Foundational 12m 10 Reasons SPF Filtering Is Critical For Email Security Nov 19, 2025 ](/blog/10-reasons-spf-filtering-is-critical-for-email-security/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Scan Carefully First, Education Under Threat, AI Phishing Surge","description":"Scan Carefully First, Education Under Threat, AI Phishing Surge from DMARC Report explains practical steps for email authentication, domain protection.","url":"https://dmarcreport.com/blog/scan-carefully-first-education-under-threat-ai-phishing-surge/","datePublished":"2026-02-18T12:12:34.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2026-02-18T12:12:34.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/scan-carefully-first-education-under-threat-ai-phishing-surge/"},"articleSection":"foundational","keywords":"dkim, DMARC, email security, SPF","wordCount":1132,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Scan Carefully First, Education Under Threat, AI Phishing Surge","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Scan Carefully First, Education Under Threat, AI Phishing Surge","item":"https://dmarcreport.com/blog/scan-carefully-first-education-under-threat-ai-phishing-surge/"}]}
```