A new Kaspersky review reveals how cybercriminals revived and refined phishing techniques to target individuals and businesses in 2025, including calendar-based attacks, voice message deceptions and sophisticated multi-factor authentication (MFA) bypass schemes. The findings emphasise the critical need for user vigilance, employee training and advanced email protection solutions to counter these persistent threats moving forward.
Calendar-based phishing targets office workers
A tactic originally from the late 2010s, calendar-based phishing, has reemerged with a focus on B2B environments. Attackers send emails with calendar event invitations, often containing no body text, hiding malicious links in the event description. When opened, the event auto-adds to the user’s calendar, with reminders urging them to click links leading to fake login pages, such as those mimicking Microsoft. Previously aimed at Google Calendar users in mass campaigns, this method now targets office employees. Organisations should conduct regular phishing awareness training, such as simulated attack workshops, to teach employees to verify unexpected calendar invites.
Voice message phishing with CAPTCHA evasion
Phishers are deploying minimalist emails posing as voice message notifications, containing sparse text and a link to a basic landing page. Clicking the link triggers a chain of CAPTCHA verifications to bypass security bots, ultimately directing users to a fraudulent Google login page that validates email addresses and captures credentials. This multi-layered deception highlights the need for employee training programmes, such as interactive modules on recognising suspicious links and advanced email server protection solutions like Kaspersky SecureMail, which detect and block such covert tactics.
MFA bypass via fake cloud service logins
These sophisticated phishing campaigns are targeting multi-factor authentication (MFA) by mimicking services like pCloud (a cloud storage provider that offers encrypted file storage, sharing and backup services). These emails, disguised as neutral support follow-ups, lead to fake login pages on lookalike domains (e.g., pcloud.online). The pages interact with the real pCloud service via API, validating emails and prompting for OTP codes and passwords, granting attackers account access upon successful login.
To counter this, organisations should implement mandatory cybersecurity training and deploy email security solutions like Kaspersky Security for Mail Servers, which flags fraudulent domains and API-driven attacks.
“With phishing schemes growing more deceptive, Kaspersky urges users to treat unusual email attachments, like password-protected PDFs or QR codes, with caution and verify website URLs before entering any credentials. Organisations should adopt comprehensive training programmes, which includes real-world simulations and best practices for spotting phishing attempts. Additionally, deploying robust email server protection solutions ensures real-time detection and blocking of advanced phishing tactics,” comments Roman Dedenok, Anti-Spam Expert at Kaspersky.
