Phishing actors are employing a new evasion tactic called 'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted.

The Smishing Triad group has been linked to a surge in smishing campaigns targeting the U.S. and the U.K. The fraudulent text messages claim unpaid toll bills or payment requests related to toll services like FasTrak, E-ZPass, and I-Pass.

These campaigns lead to phishing pages delivered via the RaccoonO365 phishing-as-a-service (PhaaS) platform, remote access trojans (RATs) like Remcos, and other malware like Latrodectus, BruteRatel C4 (BRc4), AHKBot, and GuLoader.

Silent Push Threat Analysts discovered a phishing campaign using website lures to gather information against Russian individuals sympathetic to defending Ukraine and willing to share sensitive information.

The end-to-end encryption in RCS and iMessage creates a blind spot, making network-level filtering ineffective. Threat actors also leverage visual trust indicators, such as blue bubbles in iMessage, to create a perception of legitimacy.

These scams, which have evolved from simple fake ads to sophisticated operations using Telegram bots, are targeting online marketplaces and deceiving users into divulging their financial information.

Morphing Meerkat likely delivered thousands of spam emails, with the phishing messages using compromised WordPress websites and open redirect vulnerabilities on advertising platforms like Google-owned DoubleClick to bypass security filters.

Researchers at Cofense warned of a growing number of phishing campaigns leveraging trusted online document platforms, such as Adobe, DocuSign, Dropbox, Canva, and Zoho, to evade secure email gateways (SEGs) and steal credentials.

This phishing technique creates fake browser windows within real browser windows (Browser in the Browser) to create login pages or other realistic forms to steal users' credentials or one-time MFA passcodes (OTP).

This phishing email warns recipients that their ad accounts have violated EU GDPR or Meta’s ad policies. They are encouraged to click a “Check More Details” button, which leads to a fake Meta page with a support chatbot.