Four ways to phish in 2025

by Black Hat Middle East and Africa

Welcome to the new 42 cyber warriors who joined us last week. Explore our weekly delivery of inspiration, insights, and exclusive interviews from the global BHMEA community of cybersecurity leaders.



Weekly insights and inspiration from the global Black Hat MEA community. Stay ahead of your adversaries. 

This week we’re focused on…

Phishing attacks. And specifically, four different forms of phishing that are becoming more common this year. 

Phishing strategies are evolving rapidly. We wrote about the new Morphing Meerkat phishing-as-a-service (PhaaS) platform on the blog this week, but PhaaS opportunities aren’t the only developments in sophisticated phishing.

1. AI-powered tax scams 

Scammers are using AI to orchestrate elaborate phishing schemes that enable them to access sensitive tax and financial data.

For example, one increasingly prevalent tactic involves the use of AI-generated communications (calls, chatbots, or emails) that impersonate colleagues or bosses to solicit tax information. These communications often demand immediate action, and victims respond because there’s an inherent urgency in tax deadlines.

Other threat actors have exploited disaster relief efforts – setting up fake donation sites designed to siphon personal tax data and funds from people who want to help. 

2. We’ve seen a surge in ‘smishing’ attacks 

In the US, the FBI has raised the alarm over a rise in ‘smishing’ attacks. Scammers send SMS messages, often disguised as delivery service alerts, to deceive victims into sharing personal data. 

The messages ask victims to click on malicious links which put them at risk of financial theft or identity fraud. 

As reported by the New York Post, the FBI has urged people to delete suspicious messages straight away, and to never interact at all with texts from unknown sources. 

3. Corporate email attacks are becoming harder to detect 

If you’ve worked for a large corporation in the last few years, you’ll know that corporate cybersecurity awareness training is improving. But in spite of increased efforts to strengthen the human factor in cyber resilience, businesses are increasingly falling victim to sophisticated phishing attacks – and they can lead to serious financial losses. 

In February 2024, Pepco Group’s Hungarian branch was targeted by threat actors who created convincing phishing emails designed to trigger fraudulent money transfers. The company lost about €15.5 million as a result. 

The emails effectively mimicked authentic communication styles within the company and didn’t contain the tell-tale spelling and grammar mistakes that most people look out for when they suspect a phishing attempt. 

4. QR code phishing, or ‘quishing’, puts people at risk out and about

Since COVID-19 sparked the need for contactless communications and payments across industries, QR codes have come into their own. But their convenience is being exploited by cybercriminals in a tactic now known as ‘quishing’.

They tamper with legitimate QR codes in public places (the ones you might use to place an order in a restaurant or access information about a public service, for example) and replace them with counterfeit QR codes that, when scanned, download malware or steal the user’s personal data. 

The majority of people don’t yet know that scanning a QR code could lead them into danger. So increased education around the risks of quishing is needed, both among the general public and among businesses that might deploy QR codes for convenience. 

What are the phishing strategies causing the most concern?

At Black Hat MEA we have a superpower to tap into when it comes to knowledge-sharing: a global community of cybersecurity practitioners and business leaders who operate across industries. 

So we want to hear from you: What are the phishing strategies causing the most concern in your sector right now? And what are you doing about it? 

We’ll see you back in your inbox next week.


Join us at Black Hat MEA 2025 to grow your network, expand your knowledge, and build your business.
