Latest News About What Is Phishing

Here’s the latest on phishing based on recent credible summaries:

• What phishing is: phishing is a social engineering tactic where attackers disguise themselves as legitimate entities to steal credentials, financial data, or access to systems. They commonly use email, SMS (smishing), phone calls (vishing), and increasingly voice and chat apps to lure victims .

• Notable recent trends:

  • Phishing-as-a-service (PhaaS) platforms continue to proliferate, lowering the barrier for criminals to launch targeted campaigns against organizations and individuals, including attempts to bypass 2FA protections .
  • Attacks targeting high-value individuals (e.g., executives) and credential harvesting across cloud services (Microsoft 365, Gmail) are seeing heightened activity, often using fake portals, OAuth/device code phishing, or credential theft kits .
  • SMS and voice phishing (smishing/voice phishing) campaigns remain prevalent, sometimes leveraging AI voice agents to automate social engineering at scale .

• Defensive updates:

  • Major providers (e.g., Google) are strengthening email authentication requirements and blocking bulk messages that don’t meet stricter spam/phishing thresholds to reduce phishing reach .
  • Law enforcement actions continue to disrupt phishing infrastructure and arrest operators, signaling ongoing international collaboration to dismantle phishing networks .

• Practical tips to reduce risk:

  • Verify sender addresses and domain legitimacy; beware urgent language or unusual requests for sensitive data.
  • Use multi-factor authentication with phishing-resistant methods (prefer hardware keys or phishing-resistant 2FA where available).
  • Be cautious with OAuth and device-code prompts; when in doubt, navigate directly to the official site rather than following links in messages.
  • Keep systems and software updated, and implement email/classification controls and user education programs.

Illustrative example:

• A recent spike in credential phishing aimed at executives used landing pages mimicking corporate portals to harvest usernames and passwords, followed by attempts to move laterally within corporate networks. This underscores why executive-targeted phishing remains a priority for defenders .

If you’d like, I can tailor this to your sector (finance, healthcare, tech, etc.) and provide a quick, practical phishing awareness checklist for NYC-based teams.