Phishing - 2025 Methods & techniques
In 2025, phishing is still the most prevalent kind of cyber attack on the planet. Indeed, 1.2% of the global email traffic is phishing. That's 3.4 billion emails each day, but only a low number results in a compromise since "only" 3% of employees would click on a malicious link. However, when they do, it can be disastrous for their company. 91% of cyber attacks start with a malicious email to a target. Considering that, we easily understand why phishing is still one of the favorite initial access vectors of threat actors
Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies
A technical exploration of modern phishing tactics, from basic HTML pages to advanced MFA-bypassing techniques, with analysis of infrastructure setup and delivery methods used by phishers in 2025.
Alexandre Nesic
Interesting reading. Got to keep up with this sort of stuff, so I think about defenses.
Setting up an infrastructure behind a reverse proxy redirector is a good starting point, but it's not sufficient. We need to harden it more
Now you know why I am hardening up my WAF, although most of the time the attacks are stopped at the CloudFlare then the router. But tinkering is required to learn.
Why spend time setting up an SMTP relay server when there are so many that could be used on the Internet? One reason could be to actually spoof target's domain. It is a strategy that consists of usurping the target's domain if it missing some DNS records. A great tool to detect this kind of misconfiguration is Spoofy. It checks DNS records and tells you whether a domain is spoofable based on the responses. You can also refer to this table to know if a domain is spoofable or not. If it is, there's a good chance that your malicious email will land in the victim's inbox, if you send it pretending to come from the same domain.
Tested mine. All good.
You can see where I am going with an egress firewall, DNS filtering, hardening and the like. Fun isn't it.
#enoughsaid