Phishing - Five Shady Techniques to Watch Out For
Basically, scammers trick you into giving them your personal information through fake emails.
Five phishing techniques are on the rise this year. From voicemail lures to fake shipping notifications, these scams are targeting unsuspecting users. Stay alert to protect your credentials and avoid falling victim to these deceptive tactics.
What Happened
In 2026, phishing attacks have evolved, becoming more sophisticated and deceptive. Hackers are leveraging urgency and familiar branding to lure victims into revealing their credentials. This year, Huntress researchers identified five particularly shady techniques that are gaining traction. These include voicemail lures, callback scams, brand impersonation, fake shipping notifications, and the Living off Trusted Sites (LoTS) method. Each of these tactics exploits human psychology, making it easier for attackers to succeed.
Imagine it’s late on a Friday, and you receive an email that looks official, warning you about an expiring password. In the rush to leave for the weekend, you might click without thinking. This scenario is exactly what attackers hope for, and they are using it to their advantage.
Who's Being Targeted
Phishing attacks are indiscriminate, targeting anyone from individual users to large organizations. Employees who work remotely or are under time pressure are particularly vulnerable. The urgency created by these emails can lead even the most cautious individuals to make mistakes.
For example, callback phishing often targets users by claiming there’s an urgent issue with their bank account. Victims are prompted to call a provided number, where scammers then extract personal information. This tactic is especially effective because it creates a false sense of security through direct communication.
Signs of Infection
Recognizing phishing attempts can be challenging. Common signs include unexpected emails that create urgency, misspellings in email addresses, and attachments that seem out of place. For instance, voicemail lures often contain SVG attachments that look harmless but can redirect users to malicious sites.
Additionally, shipping notifications from well-known companies like UPS or FedEx can appear legitimate. These emails may ask for personal information to resolve delivery issues, tricking users into clicking malicious links. Always be cautious of emails that ask you to click links or provide sensitive information.
How to Protect Yourself
To safeguard against these phishing techniques, it’s essential to adopt a proactive approach. Never click links in unsolicited emails; instead, visit the official website directly. For businesses, implementing multi-factor authentication (MFA) and robust email filtering systems can significantly reduce risk.
Regular security awareness training for employees is also crucial. Educating users about the latest phishing tactics can empower them to recognize and report suspicious emails. Remember, the best defense against phishing is vigilance and a healthy skepticism towards unexpected communications.
Huntress Blog