ZeroFox’s 2023 Phishing Trends report highlights the rapid evolution of phishing tactics to bypass security measures and exploit user vulnerabilities. Threat actors increasingly use ISO, RAR, LNK, and OneNote files after Microsoft blocked VBA macros, with 40% of phishing attacks using malicious attachments responsible for 35% of ransomware infections. MFA bypassing grew through “in-the-middle” and OAuth consent phishing. Phishing-as-a-Service kits like EvilProxy and Evilginx now offer real-time MFA evasion, while SEO poisoning and domain abuse rise via cloaking and keyword stuffing. ZeroFox recommends zero-trust frameworks, phishing-resistant MFA, and continuous user training to counter these evolving threats.

Join for free to read