Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise

Microsoft flagged billions of phishing emails over a three-month period and reports a shift toward modular, multi-stage phishing campaigns: commercial phishing-as-a-service platforms (e.g., Tycoon2FA tied to Storm-1747), CAPTCHA-gated file payloads (PDF, HTML, DOCX, SVG), and high-volume BEC tactics are enabling large-scale, evasive attacks; defenders should employ layered controls (Safe Links, Safe Attachments, SmartScreen, endpoint/network protections) and user training to mitigate risk.