Five Ways Spear Phishing Tactics are Evolving in 2025

Evolution of Spear Phishing Tactics

What type of phishing became very effective around 2010 and still worries security teams today? Spear phishing. Spear phishing remains  highly effective and is getting more dangerous by the day. What is spear phishing? What new technologies and methods will attackers use to get around common defenses? How will they become more precise and convincing? We will explore these questions below.

What Exactly Is Spear Phishing?

Spear phishing is a targeted attack that uses detailed information about a victim. It creates personalized emails or messages. The goal is to trick the person into sharing sensitive information or taking certain actions.

Spear phishing, in contrast to standard phishing, concentrates on specific victim information. Gaining the victim’s trust and successfully taking advantage of them is made easier with this information. Attackers are improving spear phishing by using tactics like voice and video scams. They also use QR code exploits, SMS phishing, and platform-based attacks.

Learn about five new spear phishing tactics that are growing on the dark web. Find out how attackers are changing spear phishing to use new technology trends.

1) Platform Diversification

Spear phishing isn’t just about email anymore. Attackers are now targeting individuals through platforms like Microsoft Teams, LinkedIn, WhatsApp and others.

These channels let them create personalized interactions. This helps them avoid typical email security measures. As a result, their attacks are harder to detect and more effective.

Lazarus attackers, for example, ran an operation called Operation Dream Job. They impersonated recruiters on LinkedIn to target their victims. After establishing rapport, they sent malicious links with an executable quiz to download. 

Now, in 2024, they are reaching out via LinkedIn and WhatsApp with links disguised as job application forms. These links lead victims to phishing sites designed to steal login credentials and personal information.

Spear phishing tool for WhatsApp
Example of a phishing tool for WhatsApp

In workplace scenarios, collaboration tools like Microsoft Teams have become a big target. Victims, who often rely on these tools in their daily work, are more likely to engage with an attacker. They do this without any real suspicion. When attackers use different platforms, it makes security tools less effective. This makes it harder for users to spot real messages and get rid of malicious ones.

2) Voice and Video Fakes

Deepfake technology has taken spear phishing to a whole new level. Attackers can now create incredibly realistic voice and video impersonations, tricking people into doing things like transferring money or giving away sensitive information. It’s harder than ever to tell what’s real and what’s fake.

A recent case in Hong Kong shows how convincing scams can be. It started with an email and led to a video call. A finance worker was tricked into transferring $25 million. The scammer looked and sounded just like their CFO. The deepfake was so realistic that the fraudulent request seemed completely legitimate.

Spear phishing tool for voice impersonation
A tool being shared on a cybercrime forum for voice impersonation

On cybercrime forums, deepfake creation services are readily available, enabling attackers to generate these impersonations at low cost. For as little as $10, attackers can purchase tools to replicate a victim’s voice or image.

These fakes are often delivered through spear phishing emails or messages to make the request seem even more convincing. For example, an attacker might send an email that looks like it’s from an executive. They may then follow up with a deepfake voice message. This message pushes the recipient to act on the "urgent" request.

3) QR Code Spear Phishing

QR codes are everywhere. They are now used in spear phishing attacks to secretly deliver malicious links and files. QR codes obscure their destination from view. This makes it easier for attackers to trick and exploit victims who are not careful about scanning them.

Spear phishing discussion to exploit QR Codes
Cybercriminals discussing ways to exploit QR codes

Unlike generic phishing campaigns, QR code spear phishing targets specific people or groups. This can include employees of a certain company or attendees at an event. Attackers can, for example, embed malicious QR codes in event materials or company presentations. These codes can lead victims to phishing pages that look like internal login portals. 

4) Phishing-as-a-Service (PhaaS)

Spear phishing attacks are being built out using pre-made tools and services offered by phishing-as-a-service (PhaaS) platforms. They offer customized phishing websites, real time credential collection interfaces and even features to intercept one time passwords (OTP).

In an example we found on a cybercrime forum, a seller promoted a phishing panel. This panel could target email services like Gmail, Outlook, and ProtonMail.

Selling Live Panel is a ready-made phishing attack tool
A ready-made phishing set-up tool

The service offered multithreading and support for personalized campaigns. This allowed attackers to expand their operations while still targeting individual users. These capabilities make it easier for attackers to launch spear phishing campaigns. PhaaS lowers the barrier of entry for them.

5) SMS Gateways for Targeted Smishing

Smishing is often linked to large phishing scams. However, cybercriminals are now using advanced SMS gateways for targeted spear phishing attacks.

These gateways allow the delivery of personalized messages. These messages appear to come from reputable sources, like financial institutions, healthcare groups, or employers. This can happen through spoofed phone numbers, for example.

Example of an SMS gateway used in smishing attacks
Example of a SMS gateway used in smishing attacks

For example, an attacker might send an SMS pretending to be from a victim’s bank. The message warns about suspicious activity in the victim’s account. The message includes a link to a phishing site that mimics the bank’s login page, prompting the victim to enter their credentials.

This example may seem like a typical phishing attack; however, cybercriminals often use this method to target wealthy individuals. This makes it a more focused spear-phishing situation.

Secure Your Team from Spear Phishing

Email is no longer the only way to spear phish. Attackers are now exploiting platforms like LinkedIn, WhatsApp, and Teams. They are also using deepfake technology and QR code exploits to bypass traditional defenses.

Advanced AI-driven threat detection is used by SlashNext to identify and block these methods in real time. Our solutions detect novel threats by analyzing context, behavior, and communication patterns across multiple channels. 

Stay ahead with us and learn more at SlashNext.com about spear phishing. Learn how we address these challenging techniques by filling out the contact form.

Read about the evolution of spear phishing tactics

 

Blog Subscription

It’s Time to Get Started with SlashNext

Experience the difference with broad phishing threat coverage and automated delivery.