Top Phishing Evasion Techniques To Watch Out For

Many cyberattacks nowadays start with phishing. Attackers use fake web pages to phish for financial and personal information or user credentials. One of the most popular fake brands used for phishing is Microsoft, with bad actors looking to harvest Office 365 login credentials, giving them access to organizations’ databases, systems, email, and collaboration platforms. Attackers aim to capture employee credentials to move laterally within an organization and achieve ever-escalating privileges.

As phishing has become a frequent occurrence, most organizations use some kind of email protection to detect phishing attacks, among other threats. This challenges attackers, who, in return, develop methods and techniques to evade those phishing detection engines. Leverage this document to know the latest evasion techniques used in recently released phishing campaigns and learn practical tips to identify them.

Because email is still the most common delivery method for phishing attacks, this guide refers mainly to email. However, similar attacks and evasion techniques can be used over other forms of communication such as Instant Messaging and SMS.