Why are attackers abandoning traditional email campaigns?
And how are they using new technologies to reach their targets across the digital landscape?
Phishing today is not just a fraudulent email. It is a highly adaptive cyber tactic that exploits every weakness – technical and human – across multiple digital channels. Rapid technological developments, the increasing availability of generative AI and new hybrid models of working have created the ideal environment for a new type of phishing: sophisticated, multi-channel and very difficult to detect.
Phishing as a psychological and technological challenge
While classic email phishing campaigns can often be detected using technologies such as antispam or by setting DNS records correctly (SPF, DKIM, DMARC…), modern phishing combines psychological tricks, technical ingenuity and knowledge of the victim’s internal environment. Attackers exploit not only human gullibility but other techniques – such as MFA push notifications, OAuth access tokens or team chat platforms.
Thanks to Phishing-as-a-Service and generative AI, even a less tech-savvy attacker can be behind a phishing attack today – and still compromise an entire organisation.
Where has phishing gone?
In the following series of articles, we will discuss the most significant trends of phishing attacks outside the classic email channel, which represent a key challenge for security teams today:
- Phishing using QR codes (quishing): how mobile devices bypass email filters and why employee training is not enough.
- Deepfake hanging: why “call back” is no longer enough – and how to defend yourself against voice impersonation scams.
- Proxy attacks bypassing MFA (AiTM): real-time session cookie stealing technique.
- Push bombing (MFA fatigue): social engineering targeting human fatigue.
- Phishing in collaboration platforms: tools like Teams or Slack are becoming the new battleground.
- AI-generated phishing: flawless style, fake identity and mass personalization.
- Phishing-as-a-Service: phishing as a service – available to everyone.
- OAuth abuse (consent phishing): why password protection is not enough.
- Social media impersonation (angler phishing): attackers in a support or recruiting role.
- SEO poisoning: phishing through ads and search engines.
- Hybrid attacks: combination of multiple channels and psychological manipulations.
Each of these types of attacks deserves a deeper analysis. Therefore, this series of articles will provide a detailed look at the technical principles, examples from practice, but most importantly, specific strategic measures to counter these attacks.
Why isn’t traditional protection enough?
While email security is important, it is far from enough today. Modern phishing campaigns use so-called. attack surfaceacross the entire IT environment. Successful defence must therefore include:
- Zero Trust approach: verify everything, don’t trust anything automatically – even legitimate-looking requests.
- Behavioral Analysis (UEBA): tracking anomalies in user and device behaviour.
- Real-time detection: deploying SIEM/SOAR tools that not only detect but also react to suspicious activities.
An example of this approach is the serviceSecuRadarwhich, through integration with Microsoft Sentinel, Entra ID and Defender products, not only detects phishing attacks across cloud, endpoints and email, but also automatically classifies, responds and suggests remediation measures in real time.
Phishing is a strategic challenge!
Phishing is not just a technical problem today. It’s a challenge for the entire security framework of a company. It requires a combination of training, the right architecture, advanced analytics and the ability to respond in real time. The key is understanding that no single tool or technology is enough – successful defenses are the result of the interplay of people, processes and intelligent security systems.
Where do we go deeper into Phishing? Come to Cybersecurity Summit 2025!
