Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters

Cybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated filters and human scrutiny.

In 2025, attackers are noted tried-and-true approaches—like password-protected attachments and calendar invites—with new twists such as QR codes, multi-stage verification chains, and live API integrations.

These refinements not only prolong the attack lifecycle but also exploit gaps in scanning tools and users’ trust in seemingly legitimate security measures.

Phishing emails bearing PDF attachments remain a staple of both mass and targeted campaigns.

Rather than embedding clickable links directly, threat actors now favor QR codes inside PDFs. Recipients scan codes on their mobile devices, which often lack the same enterprise-grade security controls as workstations.

This tactic resurrects the earlier trend of including QR codes in email bodies but takes it further by shielding phishing URLs behind an extra layer of file handling ...