This post is also available in:
עברית (Hebrew)
Phishing remains the most frequently reported cybercrime in the United States, with over 193,000 incidents recorded by the FBI in the past year. While the prevalence is nothing new, recent analysis of the FBI’s latest Internet Crime Report reveals a concerning evolution in how these attacks are being carried out.
Cybersecurity experts are observing a shift toward more subtle, psychologically driven phishing techniques that can evade both users’ instincts and automated filters. These new methods rely less on malicious links or obvious red flags and more on blending into everyday digital interactions, according to a report by ZeroBounce.
One growing trend is the use of linkless phishing. Rather than sending an email with suspicious URLs, attackers initiate contact with a vague, seemingly benign message like “Are you available for a call?”. The goal is to spark a direct reply and initiate a conversation, often impersonating a colleague or superior. Without any link or attachment, these messages frequently bypass traditional spam filters.
Another tactic targets users through multi-factor authentication fatigue. After obtaining login credentials, attackers bombard a user with push notifications, then follow up with an email pretending to be IT support, encouraging the user to approve just one prompt to stop the notifications. This social engineering method leverages frustration and trust rather than technical exploits.
Phishers are also increasingly hiding their payloads in HTML attachments. These files may appear as invoices or shared documents, but when opened, they mimic legitimate login pages that harvest credentials. Because HTML files are often viewed as safe, they can be especially deceptive.
Finally, malicious actors are embedding dangerous links directly into calendar invites. When users receive an event invitation, they may trust the calendar interface and click without hesitation. These invites often contain phishing links in the “Join” button or event description.
As phishing techniques become more refined and less detectable, cybersecurity professionals stress the importance of constant vigilance. With attackers exploiting familiarity and routine, users must treat unexpected messages, files, and invitations with increased scrutiny—no matter how normal they appear.
