{"id":592,"date":"2025-06-02T12:24:00","date_gmt":"2025-06-02T10:24:00","guid":{"rendered":"https:\/\/lars-hilse.de\/lhx18\/?p=592"},"modified":"2025-05-10T01:25:43","modified_gmt":"2025-05-09T23:25:43","slug":"the-evolution-of-a-digital-menace","status":"publish","type":"post","link":"https:\/\/lars-hilse.de\/lhx18\/2025\/06\/the-evolution-of-a-digital-menace\/","title":{"rendered":"The Evolution of a Digital Menace"},"content":{"rendered":"<div class=\"ttr_start\"><\/div>\n<p>Alright, let&#8217;s talk about phishing. Not the relaxing kind with a fishing rod and a six-pack, but the absolute goddamn nightmare kind where cyber-bastards try to snatch your company&#8217;s secrets right from under your nose. These aren&#8217;t your grandpa&#8217;s Nigerian prince scams anymore; we&#8217;re dealing with sophisticated, targeted campaigns designed to bleed corporations dry or steal their juicy intellectual property, as mentioned in source<a href=\"https:\/\/www.semanticscholar.org\/paper\/6b3e7a08964335a9de0bcbe830493e5592ff247f\" target=\"_blank\" rel=\"noreferrer noopener\">9<\/a>.\u00a0And guess what? Artificial intelligence is now the scammers&#8217; favorite new toy, making these attacks scarier and more effective than ever, as detailed in source<a href=\"https:\/\/www.semanticscholar.org\/paper\/6f859104ae9f900956b11d975e165f1d50512b9e\" target=\"_blank\" rel=\"noreferrer noopener\">1<\/a>.<\/p>\n\n\n\n<p>Phishing used to be kinda clumsy, you know? Mass emails riddled with spelling errors that even your technophobe uncle could spot, as source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/bitwarden.com\/blog\/ai-phishing-evolution-staying-ahead-of-sophisticated-scams\/\">11<\/a>&nbsp;points out. But things have changed, drastically. Thanks to advancements like AI, these attacks are now hyper-personalized, adaptive, and frighteningly convincing, according to source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/6f859104ae9f900956b11d975e165f1d50512b9e\">1<\/a>.&nbsp;Attackers can leverage generative AI to craft perfect &#8220;corporate speak&#8221; emails that bypass basic training defenses, making it way harder for employees to tell friend from foe, source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/bitwarden.com\/blog\/ai-phishing-evolution-staying-ahead-of-sophisticated-scams\/\">11<\/a>&nbsp;explains. They can even use AI to clone voices for vishing (voice phishing) attacks, making employees think they&#8217;re getting urgent instructions straight from the boss, like in that horrifying case where a company lost $35 million because of a cloned executive voice, as reported by Keepnet Labs (source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/keepnetlabs.com\/blog\/6-shocking-advanced-phishing-attacks\">2<\/a>).<\/p>\n\n\n\n<p>These campaigns aren&#8217;t just random shots in the dark. They are often highly targeted operations, sometimes even state-sponsored, aimed squarely at valuable corporate assets like trade secrets or customer data, as discussed in sources<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/keepnetlabs.com\/blog\/10-examples-of-spear-phishing-attacks\">3<\/a>&nbsp;and<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/6b3e7a08964335a9de0bcbe830493e5592ff247f\">9<\/a>.Think spear phishing, where emails are tailored to specific individuals or departments, or whaling, which goes after the big fish \u2013 CEOs and other high-profile execs, as Keepnet Labs outlines (source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/keepnetlabs.com\/blog\/10-examples-of-spear-phishing-attacks\">3<\/a>).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>A Rogues&#8217; Gallery of Modern Phishing Nasties<\/strong><\/h2>\n\n\n\n<p>Just to give you a taste of the bullshit corporations are up against these days, here are some recent examples highlighted by Keepnet Labs (source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/keepnetlabs.com\/blog\/6-shocking-advanced-phishing-attacks\">2<\/a>, source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/keepnetlabs.com\/blog\/10-examples-of-spear-phishing-attacks\">3<\/a>):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AI Voice Cloning (Vishing):<\/strong>\u00a0As mentioned, faking executive voices to demand wire transfers. Pure evil genius, really (source<a href=\"https:\/\/keepnetlabs.com\/blog\/6-shocking-advanced-phishing-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">2<\/a>).<\/li>\n\n\n\n<li><strong>Smishing Delivery Scams:<\/strong>\u00a0Text messages pretending to be from couriers, tricking logistics employees into giving up credentials on fake sites. Led to a $10 million lawsuit in one case (source<a href=\"https:\/\/keepnetlabs.com\/blog\/6-shocking-advanced-phishing-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">2<\/a>).<\/li>\n\n\n\n<li><strong>Quishing (QR Code Phishing):<\/strong>\u00a0Slapping malicious QR codes on things like event brochures. Scan it, and boom, you&#8217;re on a fake login page handing over your keys (source<a href=\"https:\/\/keepnetlabs.com\/blog\/6-shocking-advanced-phishing-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">2<\/a>).<\/li>\n\n\n\n<li><strong>Business Email Compromise (BEC):<\/strong>\u00a0Impersonating execs or vendors via email to trick finance departments into sending money or revealing info. A classic, but still wickedly effective, costing U.S. victims millions (source<a href=\"https:\/\/keepnetlabs.com\/blog\/10-examples-of-spear-phishing-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">3<\/a>).<\/li>\n\n\n\n<li><strong>Fake Invoices:<\/strong>\u00a0Sending legit-looking invoices, sometimes using trusted platforms like DocuSign to bypass filters, tricking accounting into paying phantom bills (source<a href=\"https:\/\/keepnetlabs.com\/blog\/10-examples-of-spear-phishing-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">3<\/a>).<\/li>\n\n\n\n<li><strong>Credential Theft:<\/strong>\u00a0The bread-and-butter goal \u2013 using fake login pages linked in emails to steal usernames and passwords. Russian state-sponsored groups are reportedly big fans of this (source<a href=\"https:\/\/keepnetlabs.com\/blog\/10-examples-of-spear-phishing-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">3<\/a>).<\/li>\n\n\n\n<li><strong>Targeting Trade Secrets:<\/strong>\u00a0Specifically aiming to infiltrate systems to steal proprietary data, like the attempt on OpenAI by a China-based group mentioned by Tech Times (source<a href=\"https:\/\/keepnetlabs.com\/blog\/10-examples-of-spear-phishing-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">3<\/a>).<\/li>\n\n\n\n<li><strong>Exploiting Trusted Infrastructure:<\/strong>\u00a0Some clever sods are even using legitimate Microsoft 365 services to deliver phishing content, making it incredibly hard to detect since it operates\u00a0<em>within<\/em>\u00a0the trusted ecosystem, bypassing many standard security controls, as detailed by Guardz (source<a href=\"https:\/\/guardz.com\/blog\/sophisticated-phishing-campaign-exploiting-microsoft-365-infrastructure\/\" target=\"_blank\" rel=\"noreferrer noopener\">12<\/a>).<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"so-what-the-hell-do-we-do-about-it\">So, What the Hell Do We Do About It?<\/h1>\n\n\n\n<p>Look, the bad guys are getting smarter, faster, and sneakier, often using the very tools (like AI and trusted cloud platforms) that businesses rely on, as highlighted in sources<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/6f859104ae9f900956b11d975e165f1d50512b9e\">1<\/a>&nbsp;and<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/guardz.com\/blog\/sophisticated-phishing-campaign-exploiting-microsoft-365-infrastructure\/\">12<\/a>.&nbsp;Relying solely on old-school methods is like bringing a butter knife to a gunfight. You need a multi-layered defense strategy. Here\u2019s the lowdown on what actually helps:<\/p>\n\n\n\n<p><strong>1. Stop Assuming Your Employees Are Psychic: Train Them!<\/strong><br>Seriously, your people are the first and last line of defense, but they&#8217;re also human and, let&#8217;s be honest, often the weakest link, as source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/27690bbaf036d21c1b154b06455fd06db469310b\">7<\/a>&nbsp;bluntly puts it. Comprehensive,&nbsp;<em>ongoing<\/em>&nbsp;training is non-negotiable, as emphasized in sources<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/5f7e86941d6fa90d6b66775e289b2d8e571d44bf\">4<\/a>,<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/c6c7aa6e5a892a2b0747aaf6874d5758e7eeab6b\">8<\/a>, and<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/perception-point.io\/guides\/phishing\/phishing-training-why-how-and-6-steps-to-get-started\/\">10<\/a>.This isn&#8217;t just a one-off PowerPoint snooze-fest. Effective training needs to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Educate on the\u00a0<em>latest<\/em>\u00a0tactics (AI voice scams, quishing, sophisticated BEC, etc.), as mentioned in source<a href=\"https:\/\/perception-point.io\/guides\/phishing\/phishing-training-why-how-and-6-steps-to-get-started\/\" target=\"_blank\" rel=\"noreferrer noopener\">10<\/a>.<\/li>\n\n\n\n<li>Use real-world examples and simulations (like simulated phishing exercises) to make it stick, a point echoed in source<a href=\"https:\/\/perception-point.io\/guides\/phishing\/phishing-training-why-how-and-6-steps-to-get-started\/\" target=\"_blank\" rel=\"noreferrer noopener\">10<\/a>.<\/li>\n\n\n\n<li>Be tailored and continuous, because vigilance fades and threats evolve, as qualitative studies suggest (source<a href=\"https:\/\/www.semanticscholar.org\/paper\/c6c7aa6e5a892a2b0747aaf6874d5758e7eeab6b\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a>).<\/li>\n\n\n\n<li>Actually improve their ability to recognize and\u00a0<em>respond<\/em>\u00a0cautiously to suspicious stuff, which studies show good training can do, according to sources<a href=\"https:\/\/www.semanticscholar.org\/paper\/5f7e86941d6fa90d6b66775e289b2d8e571d44bf\" target=\"_blank\" rel=\"noreferrer noopener\">4<\/a>\u00a0and<a href=\"https:\/\/www.semanticscholar.org\/paper\/c6c7aa6e5a892a2b0747aaf6874d5758e7eeab6b\" target=\"_blank\" rel=\"noreferrer noopener\">8<\/a>.<\/li>\n<\/ul>\n\n\n\n<p><strong>2. Get Some Goddamn Decent Email Filters<\/strong><br>Basic email security gateways (SEGs) often can&#8217;t keep up with sophisticated attacks that use evasive tactics or leverage trusted platforms, as explained by TitanHQ (source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.titanhq.com\/phishing-protection\/anti-phishing-filter\/\">5<\/a>) and Guardz (source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/guardz.com\/blog\/sophisticated-phishing-campaign-exploiting-microsoft-365-infrastructure\/\">12<\/a>). You need advanced, AI-powered filtering solutions. These modern marvels use techniques like:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Machine learning and Natural Language Processing (NLP) to analyze content and context, as detailed in source<a href=\"https:\/\/www.titanhq.com\/phishing-protection\/anti-phishing-filter\/\" target=\"_blank\" rel=\"noreferrer noopener\">5<\/a>.<\/li>\n\n\n\n<li>Real-time threat intelligence and blacklists (RBLs), mentioned in source<a href=\"https:\/\/www.titanhq.com\/phishing-protection\/anti-phishing-filter\/\" target=\"_blank\" rel=\"noreferrer noopener\">5<\/a>.<\/li>\n\n\n\n<li>Heuristics to spot suspicious patterns, also noted in source<a href=\"https:\/\/www.titanhq.com\/phishing-protection\/anti-phishing-filter\/\" target=\"_blank\" rel=\"noreferrer noopener\">5<\/a>.<\/li>\n\n\n\n<li>Bayesian analysis that learns and improves over time, according to source<a href=\"https:\/\/www.titanhq.com\/phishing-protection\/anti-phishing-filter\/\" target=\"_blank\" rel=\"noreferrer noopener\">5<\/a>.<\/li>\n\n\n\n<li>&#8220;Time-of-click&#8221; URL analysis, which re-checks links when clicked, just in case a site turned malicious\u00a0<em>after<\/em>\u00a0the email was delivered, a feature highlighted by TitanHQ (source<a href=\"https:\/\/www.titanhq.com\/phishing-protection\/anti-phishing-filter\/\" target=\"_blank\" rel=\"noreferrer noopener\">5<\/a>).<br>These filters are crucial for catching the nasty stuff\u00a0<em>before<\/em>\u00a0it even lands in an employee&#8217;s inbox, acting as a vital technical barrier, as source<a href=\"https:\/\/www.titanhq.com\/phishing-protection\/anti-phishing-filter\/\" target=\"_blank\" rel=\"noreferrer noopener\">5<\/a>\u00a0emphasizes.<\/li>\n<\/ul>\n\n\n\n<p><strong>3. For Fuck&#8217;s Sake, Use Multi-Factor Authentication (MFA)<\/strong><br>If (or let&#8217;s be real,&nbsp;<em>when<\/em>) credentials get compromised despite your best efforts, MFA is your best friend, as TechRepublic explains (source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.techrepublic.com\/article\/how-to-prevent-phishing-attacks-mfa\/\">6<\/a>). It adds extra layers to the login process, usually requiring something you&nbsp;<em>have<\/em>&nbsp;(like a phone for a code) or something you&nbsp;<em>are<\/em>&nbsp;(like a fingerprint) in addition to something you&nbsp;<em>know<\/em>&nbsp;(your password), according to source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.techrepublic.com\/article\/how-to-prevent-phishing-attacks-mfa\/\">6<\/a>.This means even if a scammer nabs a password, they likely can&#8217;t access the account without that second factor. It&#8217;s a simple concept that massively boosts security against credential theft, as source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.techrepublic.com\/article\/how-to-prevent-phishing-attacks-mfa\/\">6<\/a>&nbsp;points out.<\/p>\n\n\n\n<p><em>However<\/em>, don&#8217;t get too cocky. Determined attackers are finding ways around basic MFA, sometimes by tricking users into giving up the MFA code itself on a phishing site, as warned by CISA (mentioned in source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.techrepublic.com\/article\/how-to-prevent-phishing-attacks-mfa\/\">6<\/a>). That&#8217;s why experts now recommend implementing&nbsp;<em>phishing-resistant<\/em>&nbsp;MFA methods wherever possible, which are harder to trick (source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.techrepublic.com\/article\/how-to-prevent-phishing-attacks-mfa\/\">6<\/a>).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"the-never-ending-battle\">The Never-Ending Battle<\/h2>\n\n\n\n<p>Look, sophisticated phishing targeting corporate secrets isn&#8217;t going away. If anything, AI is just adding fuel to the fire, making attacks more potent and harder to spot, a sentiment echoed in source<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/6f859104ae9f900956b11d975e165f1d50512b9e\">1<\/a>.&nbsp;Staying safe requires constant vigilance, investment in robust technology like advanced filters and MFA, and crucially, empowering your employees with knowledge through continuous, relevant training, as sources<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/5f7e86941d6fa90d6b66775e289b2d8e571d44bf\">4<\/a>,<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.titanhq.com\/phishing-protection\/anti-phishing-filter\/\">5<\/a>,<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.techrepublic.com\/article\/how-to-prevent-phishing-attacks-mfa\/\">6<\/a>, and<a target=\"_blank\" rel=\"noreferrer noopener\" href=\"https:\/\/www.semanticscholar.org\/paper\/6b3e7a08964335a9de0bcbe830493e5592ff247f\">9<\/a>&nbsp;collectively suggest. It\u2019s a pain in the ass, yes, but way less painful than explaining to your board why millions just vanished or your top-secret project plans are now on the dark web. Good luck out there.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Sources used to write this shitshow:<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/6f859104ae9f900956b11d975e165f1d50512b9e\">https:\/\/www.semanticscholar.org\/paper\/6f859104ae9f900956b11d975e165f1d50512b9e<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/keepnetlabs.com\/blog\/6-shocking-advanced-phishing-attacks\">https:\/\/keepnetlabs.com\/blog\/6-shocking-advanced-phishing-attacks<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/keepnetlabs.com\/blog\/10-examples-of-spear-phishing-attacks\">https:\/\/keepnetlabs.com\/blog\/10-examples-of-spear-phishing-attacks<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/5f7e86941d6fa90d6b66775e289b2d8e571d44bf\">https:\/\/www.semanticscholar.org\/paper\/5f7e86941d6fa90d6b66775e289b2d8e571d44bf<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.titanhq.com\/phishing-protection\/anti-phishing-filter\/\">https:\/\/www.titanhq.com\/phishing-protection\/anti-phishing-filter\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.techrepublic.com\/article\/how-to-prevent-phishing-attacks-mfa\/\">https:\/\/www.techrepublic.com\/article\/how-to-prevent-phishing-attacks-mfa\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/27690bbaf036d21c1b154b06455fd06db469310b\">https:\/\/www.semanticscholar.org\/paper\/27690bbaf036d21c1b154b06455fd06db469310b<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/c6c7aa6e5a892a2b0747aaf6874d5758e7eeab6b\">https:\/\/www.semanticscholar.org\/paper\/c6c7aa6e5a892a2b0747aaf6874d5758e7eeab6b<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/6b3e7a08964335a9de0bcbe830493e5592ff247f\">https:\/\/www.semanticscholar.org\/paper\/6b3e7a08964335a9de0bcbe830493e5592ff247f<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/perception-point.io\/guides\/phishing\/phishing-training-why-how-and-6-steps-to-get-started\/\">https:\/\/perception-point.io\/guides\/phishing\/phishing-training-why-how-and-6-steps-to-get-started\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/bitwarden.com\/blog\/ai-phishing-evolution-staying-ahead-of-sophisticated-scams\/\">https:\/\/bitwarden.com\/blog\/ai-phishing-evolution-staying-ahead-of-sophisticated-scams\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/guardz.com\/blog\/sophisticated-phishing-campaign-exploiting-microsoft-365-infrastructure\/\">https:\/\/guardz.com\/blog\/sophisticated-phishing-campaign-exploiting-microsoft-365-infrastructure\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/7d30ac8b803076f886496bf647981c9b5d9375ec\">https:\/\/www.semanticscholar.org\/paper\/7d30ac8b803076f886496bf647981c9b5d9375ec<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/7b4c00a65e25f3f6031d10beaa5235533d4831ed\">https:\/\/www.semanticscholar.org\/paper\/7b4c00a65e25f3f6031d10beaa5235533d4831ed<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.valimail.com\/resources\/guides\/guide-to-phishing\/\">https:\/\/www.valimail.com\/resources\/guides\/guide-to-phishing\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/trustpair.com\/blog\/4-examples-of-spear-phishing-attacks\/\">https:\/\/trustpair.com\/blog\/4-examples-of-spear-phishing-attacks\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.hornetsecurity.com\/en\/blog\/spear-phishing-examples\/\">https:\/\/www.hornetsecurity.com\/en\/blog\/spear-phishing-examples\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cyberhoot.com\/blog\/advanced-phishing-tactics-a-hackers-playbook\/\">https:\/\/cyberhoot.com\/blog\/advanced-phishing-tactics-a-hackers-playbook\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.checkpoint.com\/cyber-hub\/threat-prevention\/what-is-phishing\/the-top-5-phishing-scams-of-all-times\/\">https:\/\/www.checkpoint.com\/cyber-hub\/threat-prevention\/what-is-phishing\/the-top-5-phishing-scams-of-all-times\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.bitlyft.com\/resources\/the-business-impact-of-phishing-attacks-prevention-and-response-strategies\">https:\/\/www.bitlyft.com\/resources\/the-business-impact-of-phishing-attacks-prevention-and-response-strategies<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/security.pditechnologies.com\/blog\/advanced-phishing-attacks-how-to-stem-the-tide\/\">https:\/\/security.pditechnologies.com\/blog\/advanced-phishing-attacks-how-to-stem-the-tide\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.graphus.ai\/blog\/worst-phishing-attacks-in-history\/\">https:\/\/www.graphus.ai\/blog\/worst-phishing-attacks-in-history\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/wine-inspired-phishing-eu-diplomats\">https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/wine-inspired-phishing-eu-diplomats<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.arkoselabs.com\/man-in-the-middle-attack\/advanced-phishing\/\">https:\/\/www.arkoselabs.com\/man-in-the-middle-attack\/advanced-phishing\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/blog.usecure.io\/types-of-phishing-attack\">https:\/\/blog.usecure.io\/types-of-phishing-attack<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.varonis.com\/blog\/advanced-phishing-tactics\">https:\/\/www.varonis.com\/blog\/advanced-phishing-tactics<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/648e4f1588cd353d4eb20acd68ad43474b8a338b\">https:\/\/www.semanticscholar.org\/paper\/648e4f1588cd353d4eb20acd68ad43474b8a338b<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/7d9c43e181a7ec47e969ca0e2e275dc5d6ccbba6\">https:\/\/www.semanticscholar.org\/paper\/7d9c43e181a7ec47e969ca0e2e275dc5d6ccbba6<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.titanhq.com\/email-protection\/ultimate-guide-email-filtering-solutions\/\">https:\/\/www.titanhq.com\/email-protection\/ultimate-guide-email-filtering-solutions\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.yubico.com\/resources\/glossary\/phishing-resistant-mfa\/\">https:\/\/www.yubico.com\/resources\/glossary\/phishing-resistant-mfa\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.secopan.de\/en\/online-training-and-phishing-campaigns\/\">https:\/\/www.secopan.de\/en\/online-training-and-phishing-campaigns\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/perception-point.io\/guides\/email-security\/understanding-email-filtering-types-techniques-and-tools\/\">https:\/\/perception-point.io\/guides\/email-security\/understanding-email-filtering-types-techniques-and-tools\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.okoone.com\/spark\/product-design-research\/multi-factor-authentication-made-simple-for-phishing-protection\/\">https:\/\/www.okoone.com\/spark\/product-design-research\/multi-factor-authentication-made-simple-for-phishing-protection\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/keepnetlabs.com\/blog\/free-phishing-awareness-training\">https:\/\/keepnetlabs.com\/blog\/free-phishing-awareness-training<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/expertinsights.com\/insights\/the-top-email-anti-spam-filtering-solutions\/\">https:\/\/expertinsights.com\/insights\/the-top-email-anti-spam-filtering-solutions\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/publications\/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf\">https:\/\/www.cisa.gov\/sites\/default\/files\/publications\/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cyberarrow.io\/blog\/the-role-of-employee-training-in-combating-phishing-attacks\/\">https:\/\/www.cyberarrow.io\/blog\/the-role-of-employee-training-in-combating-phishing-attacks\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cynet.com\/malware\/6-email-filtering-techniques-and-how-to-choose-a-filtering-service\/\">https:\/\/www.cynet.com\/malware\/6-email-filtering-techniques-and-how-to-choose-a-filtering-service\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/conditional-access\/policy-admin-phish-resistant-mfa\">https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/conditional-access\/policy-admin-phish-resistant-mfa<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/caniphish.com\/free-phishing-test\/phishing-awareness-training\">https:\/\/caniphish.com\/free-phishing-test\/phishing-awareness-training<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/076fec5572edff3f1a547fcbb92dd58440c9037f\">https:\/\/www.semanticscholar.org\/paper\/076fec5572edff3f1a547fcbb92dd58440c9037f<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/9e4afb5221e8c9b00b41ba77a684faad1684bad9\">https:\/\/www.semanticscholar.org\/paper\/9e4afb5221e8c9b00b41ba77a684faad1684bad9<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/a3be03d0e1995eb12c490e5846898cbeddd633ca\">https:\/\/www.semanticscholar.org\/paper\/a3be03d0e1995eb12c490e5846898cbeddd633ca<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/c9cc5ff28491fa499ab416dfdf0a15275afc52f8\">https:\/\/www.semanticscholar.org\/paper\/c9cc5ff28491fa499ab416dfdf0a15275afc52f8<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/7f1a9add93fba860a135c8f5a8619fb7f8fccc51\">https:\/\/www.semanticscholar.org\/paper\/7f1a9add93fba860a135c8f5a8619fb7f8fccc51<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.group-ib.com\/media-center\/press-releases\/perswaysion\/\">https:\/\/www.group-ib.com\/media-center\/press-releases\/perswaysion\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cloudmatika.co.id\/en\/blog-detail\/lost-business-to-phishing-check-out-how-to-recognize-and-avoid-phishing-emails-b316\">https:\/\/cloudmatika.co.id\/en\/blog-detail\/lost-business-to-phishing-check-out-how-to-recognize-and-avoid-phishing-emails-b316<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/amatas.com\/blog\/what-is-phishing-in-cybersecurity-complete-explanation\/\">https:\/\/amatas.com\/blog\/what-is-phishing-in-cybersecurity-complete-explanation\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.vaadata.com\/blog\/phishing-campaign-objectives-methodology-spear-and-mass-phishing-examples\/\">https:\/\/www.vaadata.com\/blog\/phishing-campaign-objectives-methodology-spear-and-mass-phishing-examples\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/87f1b420e810ecfee456def6affa14cc4032ca23\">https:\/\/www.semanticscholar.org\/paper\/87f1b420e810ecfee456def6affa14cc4032ca23<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC10835820\/\">https:\/\/www.ncbi.nlm.nih.gov\/pmc\/articles\/PMC10835820\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/7d8a5900b212c8e8fa8c9f39afe925b1204a140c\">https:\/\/www.semanticscholar.org\/paper\/7d8a5900b212c8e8fa8c9f39afe925b1204a140c<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/226f04b2fe8eb330db7e60c5de4cdcd4d1d63e77\">https:\/\/www.semanticscholar.org\/paper\/226f04b2fe8eb330db7e60c5de4cdcd4d1d63e77<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/pubmed.ncbi.nlm.nih.gov\/39382855\/\">https:\/\/pubmed.ncbi.nlm.nih.gov\/39382855\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.semanticscholar.org\/paper\/da0211b246427ccb23787a19ab12d27cbae0c192\">https:\/\/www.semanticscholar.org\/paper\/da0211b246427ccb23787a19ab12d27cbae0c192<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.cisa.gov\/secure-our-world\/teach-employees-avoid-phishing\">https:\/\/www.cisa.gov\/secure-our-world\/teach-employees-avoid-phishing<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/hoxhunt.com\/product\/phishing-training\">https:\/\/hoxhunt.com\/product\/phishing-training<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.titanhq.com\/security-awareness-training\/employee-phishing-training\/\">https:\/\/www.titanhq.com\/security-awareness-training\/employee-phishing-training\/<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/products\/phish-threat\">https:\/\/www.sophos.com\/en-us\/products\/phish-threat<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.itgovernance.eu\/de-de\/shop\/product\/phishing-staff-awareness-training-programme\">https:\/\/www.itgovernance.eu\/de-de\/shop\/product\/phishing-staff-awareness-training-programme<\/a><\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n<div class=\"ttr_end\"><\/div>","protected":false},"excerpt":{"rendered":"<p>Phishing has evolved from basic scams to sophisticated attacks utilizing AI, targeting corporate secrets and valuable data. Modern tactics include impersonating executives, voice cloning, and exploiting trusted platforms. A comprehensive defense strategy, involving employee training, advanced email filters, and multi-factor authentication, is crucial for preventing losses from these advanced threats.<\/p>\n","protected":false},"author":1,"featured_media":594,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[71,6,4,2,3,15,7,8,30],"tags":[159,35,158],"class_list":{"0":"post-592","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","6":"hentry","7":"category-application-security","8":"category-cyber-crime","9":"category-cyber-defence","10":"category-cyber-security","11":"category-cyber-terrorism","12":"category-dark-web","13":"category-digital-ethics","14":"category-global-risks","15":"category-privacy","16":"tag-bangladesh-bank","17":"tag-phishing","18":"tag-spear-phishing","20":"fallback-thumbnail"},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/lars-hilse.de\/lhx18\/wp-content\/uploads\/2025\/05\/The-Evolution-of-a-Digital-Menace.png?fit=960%2C640&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paluiP-9y","jetpack_likes_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/comments?post=592"}],"version-history":[{"count":2,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/592\/revisions"}],"predecessor-version":[{"id":617,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/592\/revisions\/617"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media\/594"}],"wp:attachment":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media?parent=592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/categories?post=592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/tags?post=592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}