Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat actors are abusing Microsoft’s infrastructure to launch phishing attacks that can bypass security measures, according to researchers at Guardz. The attackers compromise multiple Microsoft 365 tenants in order to generate legitimate transaction notifications that contain phishing messages.

Our latest Phishing Threat Trends Report explores the evolving phishing landscape in 2025, from renewed tactics to emerging attack techniques. Ransomware may be an “old” threat, but new tactics are making people more susceptible than ever. In this edition, we break down a highly advanced attack detected by KnowBe4 Defend that bypassed native security and a secure email gateway (SEG)—and would have been nearly impossible to stop if launched.

Business email compromise (BEC) attacks rose 13% last month, with the average requested wire transfer increasing to $39,315, according to a new report from Fortra. “The average amount requested from BEC wire transfer attackers was $39,315 in February compared to $24,586 in January 2025, an increase of 60%,” the report says.

A phishing campaign is impersonating travel agency Booking.com to target employees in the hospitality industry, according to researchers at Microsoft. The attacks use a social engineering technique called “ClickFix” to trick victims into downloading malware.

A KnowBe4 Threat Lab publication Authors: Martin Kraemer, Jeewan Singh Jalal, Anand Bodke, and James Dyer EXECUTIVE SUMMARY: We observed a 98% rise in phishing campaigns hosted on Russian (.ru) top-level domains (TLDs) from December 2024 to January 2025, primarily used for credential harvesting. These Russian.ru domains are run by so-called “bullet-proof” hosting providers, that are known to keep malicious domains running and ignore abuse reports which is ideal for cybercriminals.

I infrequently get emails from customers who are frustrated because their employer sent out some legitimate mass email to all employees that unfortunately had all the hallmarks of a malicious phishing attack. Everyone gets worked up about it and a large percentage of people report it as a possible phishing attack. And it is not. It is just frustrating. Sound familiar?

A KnowBe4 Threat Lab Publication Authors: Martin Kraemer, James Dyer, and Lucy Gee Much like sending a phishing email from a compromised account, cybercriminals can boost the deliverability and credibility of their attacks by leveraging legitimate platforms. Notably, there has been a growing proportion sent using the popular accounting software Intuit QuickBooks. Our Threat Research team has observed a 36.5% increase in the use of this platform since January 1, 2025.

Phishing remains a significant threat to organisations, despite advancements in cybersecurity. The tactics used in phishing attacks have evolved significantly. Attackers now use advanced techniques like spear phishing, targeting specific individuals or roles within an organisation, and clone phishing, which duplicates legitimate messages but includes malicious links.