Next-Gen Phishing Tactics Users Aren’t Ready For | Huntress
ID: 9000d058-39f9-5b39-bd02-92603cde4bda
STIX ID: report--9000d058-39f9-5b39-bd02-92603cde4bda
Feed Name: Huntress Blog
This report outlines five advanced phishing tactics being observed and simulated by Huntress—ClickFix (command-execution via native tools), Browser-in-the-Browser (rendered fake auth windows), OAuth consent phishing (ConsentFix and authorization code theft), device code phishing (authorizing an attacker’s device via legitimate device-login flows), and fake video-conference overlays (malicious update prompts). Each technique subverts conventional user training (checking URLs, padlocks, or download aversion) to achieve credential/token theft, persistent cloud access, or remote code installation, and the document describes corresponding simulated training scenarios and demos to build user resilience.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
