Phishing Techniques We’ve Seen So Far in 2025

Maybe you've seen a few in your work email inbox before…your boss is asking you to purchase a few thousand dollars of gift cards for a "special project," or your sign-in credentials are "urgently needed" for an unrecognizable domain, or perhaps there's a Nigerian prince who desperately needs your help. Either way, we all know what phishing emails look like, or at least what they have looked like in the past, but are you able to spot one you haven't seen before?

Phishing scams are getting harder to spot 

Any good fisherman will tell you that in order to catch fish, you should look in their environment to see what they're eating. Typically, this can be done by lifting up a rock, looking for grubs or worms, and trying to match your lure to their environment. Hackers and social engineers do the exact same thing. Someone looking to trick an employee by way of phishing will take a look at what kind of emails you might expect.

Maybe you've been on the lookout for an invoice from a vendor, or even a routine recent sign-in notification email from Microsoft – that's what a hacker will try to disguise themselves as to get you to take the bait!

Invoice phishing

One very common form of phishing we have been seeing this year is invoice phishing. Invoice phishing usually arrives as an email claiming that a past-due invoice needs to be paid, with a deceptive link to "complete the payment."

These can be super tricky to spot, especially with how many invoices are constantly being paid and sent by your business. Before proceeding, you always want to ask yourself a few questions:

  • Who is sending me this supposed invoice?
  • Do I recognize their sending domain?
  • Was I expecting to receive this invoice for these items?
  • Am I someone who even pays invoices at my company? 

It's generally best practice to never send credit card or banking information via email, even if someone you know is asking for it. A phone call to someone you trust is always better than email in a pinch.

Downloads and attachment phishing

Another form of phishing we've been tracking is download phishing. This occurs when the email directs you to download an attachment, which typically asks you to sign in to another site that will ultimately steal your information. This form of phishing can be hard to spot because of how many spreadsheets or PDFs you may send back and forth as a part of your everyday workflow.

QR code phishing

Ever since they took over restaurant menus in 2020, we all have become very familiar with QR codes and how useful they can be with our smartphones. Well, just when technology evolves for the better, there are always bad actors looking to trick others by the same means. Rather than including a suspicious-looking link that you might recognize in an email, attackers have begun masking the link as a QR code and imploring you to scan it with your smartphone. Since you can't actually see the link in full before visiting, this can be tricky to avoid. You always want to thoroughly review who has sent you the QR code and whether their sending domain is recognizable.

Understanding the human element of cybersecurity

While there are safeguards for some phishing attacks, one of the most crucial lines of defense is you, the human. At the end of the day, you are the only one standing between clicking on a suspicious link and a data breach.

Stay informed, stay vigilant and protect your business from these ever-evolving threats. Contact us today, and we'll guide you through the best practices for phishing prevention.  
