Concise Cyber

Email Phishing Evolution: Threat Actors Refine QR Codes, Cloud Abuse, and BEC Tactics

Cybercriminals are not always inventing new methods for phishing attacks; instead, they are actively reusing and refining established techniques to bypass modern security measures. This evolution focuses on adapting older strategies to exploit user trust and circumvent automated detection systems. Threat actors demonstrate a clear pattern of enhancing existing tactics for greater effectiveness.

One of the most significant trends is the increased use of QR code phishing, or ‘quishing’. In late 2023, a widespread campaign targeted corporate users to steal their Microsoft credentials. The threat actors embedded malicious QR codes into PNG images and PDF attachments, a method that often bypasses email security filters designed to scan for text-based links. When scanned, these QR codes redirected victims to phishing pages.

Abuse of Legitimate Services and Evolving Deception

Threat actors are increasingly abusing legitimate cloud services to host malicious content. By using trusted platforms like SharePoint and OneDrive, attackers leverage the inherent trust associated with these domains. One observed campaign involved sending emails with links to password-protected PDF files hosted on SharePoint. These links often included the recipient’s email address as a parameter, which allowed the phishing page to pre-fill the login form, adding a layer of perceived authenticity.

This reliance on trusted platforms is a refinement of older tactics, making it more challenging for both automated systems and cautious users to identify the threat. Attackers also continue to use classic methods like typosquatting, registering domains that closely mimic legitimate ones to trick users. The use of multiple redirects, where an initial link points to a compromised but legitimate site before forwarding to the final phishing page, is another technique used to evade detection.
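A triage check for the pre-filled login pattern described above, as an added example (not from the original article or the linked Securelist report): it flags links whose query string or fragment carries the recipient's own address. The base64 check is a generalization beyond what the article describes, and the function names, URLs and address are constructed sample values.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qsl, unquote


def _decodings(value):
    """Yield the value as-is and, when it parses as text, its base64 decoding."""
    yield "plain", value
    padded = value + "=" * (-len(value) % 4)  # senders often strip '=' padding
    try:
        raw = base64.urlsafe_b64decode(padded.encode("ascii"))
        yield "base64", raw.decode("utf-8")
    except (binascii.Error, UnicodeError, ValueError):
        return  # not base64 text; only the plain form is checked


def recipient_in_url(url, recipient):
    """Return (location, parameter, encoding) for each URL part that
    contains the recipient's address. An empty list means no match."""
    target = recipient.strip().lower()
    parts = urlsplit(url)
    # parse_qsl already percent-decodes, so alice%40corp.example is covered
    candidates = [("query", k, v)
                  for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    if parts.fragment:
        candidates.append(("fragment", "", unquote(parts.fragment)))
    hits = []
    for location, name, value in candidates:
        for encoding, decoded in _decodings(value):
            if target in decoded.lower():
                hits.append((location, name, encoding))
                break
    return hits


if __name__ == "__main__":
    rcpt = "alice@corp.example"  # constructed recipient
    token = base64.urlsafe_b64encode(rcpt.encode()).decode().rstrip("=")
    samples = [  # constructed URLs, not taken from any real campaign
        "https://files.example.net/doc?id=42&email=alice%40corp.example",
        "https://login.example.org/#" + token,
        "https://files.example.net/doc?e=XyZ123",
    ]
    for url in samples:
        print(url, "->", recipient_in_url(url, rcpt))
```

A hit is a signal for scoring or analyst review rather than a verdict, since legitimate senders also put the recipient's address in unsubscribe and tracking links.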

The Modernization of Business Email Compromise (BEC)

Business Email Compromise (BEC) attacks have also evolved beyond simple CEO impersonation requests for wire transfers. Attackers are now crafting more intricate social engineering schemes. These include spear-phishing emails that impersonate internal departments like Human Resources or IT support. For instance, attackers have sent emails disguised as HR announcements about a new bonus payment system. These messages lured victims to a fake authentication page designed to harvest their corporate credentials. This approach preys on the employee’s expectation of receiving official internal communications, making the attack more convincing.

Source: https://securelist.com/email-phishing-techniques-2025/117801/