Old Tricks, New Threats: How Phishing Is Evolving in 2025

A new report from Kaspersky reveals how cybercriminals are reviving and reinventing classic phishing methods to target both individuals and organizations in 2025. The findings highlight a surge in calendar-based scams, fake voicemail phishing, and sophisticated tactics designed to bypass multi-factor authentication (MFA). As phishing techniques grow more advanced, the report underscores the urgent need for user awareness, employee training, and robust email security solutions to counter these persistent threats.

Calendar Phishing: A Silent Threat Inside the Office

What first appeared in the late 2010s as a niche tactic has returned in full force. Calendar-based phishing is making a comeback, this time with a focus on business environments. Attackers are sending email invitations for fake calendar events, often with empty message bodies and malicious links embedded in the event description.

Once a recipient opens the invite, the event is automatically added to their calendar, generating reminders that prompt them to click on links leading to counterfeit login pages — most often mimicking Microsoft sign-in portals. While early versions of this scam primarily targeted Google Calendar users, cybercriminals are now zeroing in on office employees with access to corporate systems.

Kaspersky advises organizations to conduct regular phishing awareness training, including simulated attacks, so employees learn how to verify unexpected or suspicious calendar invitations. The goal is to teach users to question digital “normality” — not every event request deserves an automatic click.

Fake Voicemail Phishing: Outsmarting CAPTCHA

In another twist, attackers have refined the use of phishing emails disguised as voicemail notifications. These messages are deliberately sparse, containing only minimal text and a link to what appears to be a simple webpage. When the user clicks through, they’re met with a sequence of CAPTCHA verifications — a clever method to evade automated security filters.

Eventually, this trail of false legitimacy leads to a convincing fake Google login page, which verifies email addresses and quietly records passwords. The sophistication of this layered deception highlights how phishing campaigns now blend technical trickery with psychological manipulation.

To defend against these evolving threats, Kaspersky recommends organizations invest in interactive training that teaches employees to recognize suspicious links and inconsistencies in login pages. Advanced email protection platforms, such as Kaspersky SecureMail, can also help detect and block these stealthy phishing tactics before they reach users’ inboxes.

Bypassing MFA: The Next Generation of Credential Theft

Even multi-factor authentication — long regarded as one of the strongest lines of defense — is now under attack. Recent phishing campaigns are using fake cloud service login portals to capture not only usernames and passwords, but also one-time passcodes.

One such campaign mimics pCloud, a legitimate file storage and backup service that uses encryption and file sharing. Attackers send users what appear to be standard support follow-up emails, directing them to spoofed login pages hosted on domains that closely resemble the real ones, such as pcloud.online.

These fake sites communicate via API with the genuine pCloud platform to validate email addresses in real time, adding a layer of authenticity. When victims enter their credentials and MFA codes, the data is instantly transmitted to the attackers, granting them complete access to the target’s account.

The implications of such sophisticated impersonation are serious. Beyond individual data loss, organizations risk major breaches if compromised credentials grant attackers access to corporate cloud environments. To mitigate these risks, experts recommend enforcing mandatory cybersecurity training and deploying email security tools like Kaspersky Security for Mail Servers, which detect suspicious domains and block phishing attempts that rely on API-based communication.

A Hybrid Approach to Old and New Threats

What makes 2025’s phishing landscape so dangerous is the blend of traditional deception and cutting-edge technology. Cybercriminals are no longer relying on poorly written emails or generic “urgent” alerts. Instead, they’re using credible branding, realistic web design, and behavioral cues to manipulate trust.

Modern phishing campaigns exploit both human psychology and technical vulnerabilities. From abusing legitimate tools like calendars and cloud APIs to creating believable multi-step verification flows, attackers are blurring the line between what looks authentic and what’s actually malicious.

Organizations can no longer rely solely on reactive defenses. A proactive cybersecurity culture — one that combines continuous education, intelligent email filtering, and real-time threat detection — is becoming essential. The report emphasizes that the weakest link often remains human behavior, and empowering users with awareness is as crucial as deploying advanced technology.