{"id":20760,"date":"2025-08-23T10:39:48","date_gmt":"2025-08-23T10:39:48","guid":{"rendered":"https:\/\/www.webhosting.uk.com\/blog\/?p=20760"},"modified":"2026-06-23T13:15:48","modified_gmt":"2026-06-23T13:15:48","slug":"emerging-phishing-tactics-and-how-to-spot-them","status":"publish","type":"post","link":"https:\/\/www.webhosting.uk.com\/blog\/emerging-phishing-tactics-and-how-to-spot-them\/","title":{"rendered":"Emerging Phishing Tactics and How to Spot Them"},"content":{"rendered":"<p>While phishing attacks have plagued businesses for years, today, they are far more sophisticated, with attackers using AI-generated voices, chatbot impersonation and advanced personalisation to trick recipients. In this post, we explore the emerging phishing tactics being used by cybercriminals and explain how to recognise and defend against them.<\/p>\n<div class=\"more-tab-content\">\n<h2 class=\"ai-optimize-60\"><strong>Contents<\/strong><\/h2>\n<ol>\n<li><a href=\"#businesses\">A growing problem for businesses<\/a><\/li>\n<li><a href=\"#phishing\">Deepfake voice phishing<\/a><\/li>\n<li><a href=\"#attacks\">AI chatbots used in phishing attacks<\/a><\/li>\n<li><a href=\"#abuse\">Consent phishing via authorisation abuse<\/a><\/li>\n<li><a href=\"#emails\">AI-enhanced phishing emails<\/a><\/li>\n<li><a href=\"#against\">Defending against sophisticated phishing<\/a><\/li>\n<li><a href=\"#provider\">Protection from your hosting provider<\/a><a name=\"businesses\"><\/a><\/li>\n<li><a href=\"#conclusion\">Conclusion<\/a><\/li>\n<\/ol>\n<\/div>\n<h3><strong>A growing problem for businesses<\/strong><\/h3>\n<p>Phishing has become one of the most pernicious cyber threats facing businesses today. According to <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/phishing-attack-statistics\/\">Astra Security<\/a>, 3.4 billion phishing emails are sent every day. In terms of impact, they are involved in <a href=\"https:\/\/threatcop.com\/blog\/phishing-statistics\/\">92% of data breaches<\/a>, <a href=\"https:\/\/bluefire-redteam.com\/phishing-trends-2025-statistics-tactics-expert-protection-tips\/\">45% of ransomware attacks<\/a> and <a href=\"https:\/\/deepstrike.io\/blog\/Phishing-Statistics-2025\">94% of malware infections<\/a>.<\/p>\n<p>While we primarily associate phishing with email, cybercriminals are now using a wider range of channels, from voice calls and text messages to live chat and app login popups. Many are also using AI, with some so realistic they can fool even experienced users.<\/p>\n<p>Phishing tactics now include:<\/p>\n<ul>\n<li>Deepfake voice phishing \u2013 where scammers clone voices to impersonate CEOs or suppliers<\/li>\n<li>AI chatbot phishing \u2013 bots pose as customer support to steal credentials<\/li>\n<li>Consent phishing \u2013 users are tricked into giving malicious apps <a name=\"phishing\"><\/a>access to their accounts (e.g., when they ask you to log in via Google or Facebook)<\/li>\n<li>AI-personalised emails \u2013 convincing messages crafted using scraped social data<\/li>\n<li>Phishing-as-a-Service \u2013 kits make these tools widely available to criminals<\/li>\n<\/ul>\n<h3><strong>Deepfake voice phishing<\/strong><\/h3>\n<p>One of the most dangerous new trends is the use of cloned voices in phone scams. Simply by finding a short clip from a podcast or social media video, attackers can use AI to convincingly recreate someone\u2019s voice.<\/p>\n<p>Scammers will search for and clone the voices of company executives and use them to send urgent calls or voice messages to internal staff, authorising payments or asking recipients to share access <a name=\"attacks\"><\/a>credentials.<\/p>\n<p>The accuracy of the cloned voices means protocols need to be put in place to verify unusual requests. Employees also need to be trained to spot them.<\/p>\n<h3><strong>AI chatbots used in phishing attacks<\/strong><\/h3>\n<p>AI chatbots, a common feature of many websites, are now being deployed on fake sites where they pose as customer support. Able to engage users in realistic conversations, they craftily collect usernames, password or payment details from unsuspecting users.<\/p>\n<p>Employees should be trained to spot signs of <a name=\"abuse\"><\/a>malicious chatbots, such as redirecting to third-party sites or requesting sensitive data without context.<\/p>\n<p style=\"text-align: center;\"><em><strong>Are you taking advantage of chatbots? Read: <a href=\"https:\/\/www.webhosting.uk.com\/blog\/human-vs-ai-chatbot-for-website-support-which-is-best\/\">Human vs AI Chatbot for Website Support: Which Is Best?<\/a><\/strong><\/em><\/p>\n<h3><strong>Consent phishing via authorisation abuse<\/strong><\/h3>\n<p>Consent phishing involves tricking users into granting third-party apps access to their data via OAuth (Open Authorisation protocol). This usually occurs when users click on a \u2018Login with Google\u2019 or \u2018Connect your Microsoft account\u2019 button from a phishing page.<\/p>\n<p>As many legitimate apps use OAuth, victims think they are just logging in. However, with content phishing, they are authorising a rogue app to access emails, files or cloud storage, and enabling permissions that can remain even after a password reset.<\/p>\n<p>To protect against this, businesses should limit the types of apps that can be connected to corporate <a name=\"emails\"><\/a>accounts, audit OAuth permissions, and train staff to verify login screens before authorising access.<\/p>\n<p style=\"text-align: center;\"><em><strong>How secure is your website? Read: <a href=\"https:\/\/www.webhosting.uk.com\/blog\/defending-your-website-a-security-checklist-for-site-owners\/\">Defending Your Website: A Security Checklist for Site Owners<\/a><\/strong><\/em><\/p>\n<h3><strong>AI-enhanced phishing emails<\/strong><\/h3>\n<p>With employees getting better at spotting phishing emails, cybercriminals have begun to use generative AI tools, like ChatGPT, to create messages that are fluent, persuasive and highly targeted and which don\u2019t have spelling mistakes, poor formatting or badly spoofed visuals. Moreover, they feed existing messaging from brands into the AI so that it accurately recreates brand voice and communication style guides.<\/p>\n<p>When targeting businesses, attackers will also scrape social media and company websites to add personal details, such as job titles, managers\u2019 names or project <a name=\"against\"><\/a>information \u2013 all of which increases the success rate.<\/p>\n<p>Staff should be wary of messages that create urgency, use personal details unexpectedly or which contain unusual links or attachments.<\/p>\n<h3><strong>Defending against sophisticated phishing<\/strong><\/h3>\n<p>Protecting your business from phishing requires a layered approach that combines smart tools with staff training and clear processes.<\/p>\n<p>Given that credential theft is a major goal for phishing attacks, multi-factor authentication (MFA) is essential to prevent cybercriminals from getting access, even if a user\u2019s password is compromised. This should be enforced across all accounts.<\/p>\n<p>Regular training and simulated phishing tests are valuable in helping employees recognise suspicious messages and reacting to them appropriately. Importantly, training should include emerging phishing tactics, so users know how to spot new methods of attack.<\/p>\n<p>Businesses should also control third-party app access, particularly those that use OAuth. As part of this, admins should monitor which apps have been authorised and block access where appropriate.<\/p>\n<p>To protect recipients of your outgoing emails, you should also configure your domain with SPF, DKIM and DMARC records. <a name=\"provider\"><\/a>These protocols verify that the emails are genuinely from your business and thus reduce the chance of spoofed emails reaching customer inboxes.<\/p>\n<p style=\"text-align: center;\"><em><strong>For more information, read: <a href=\"https:\/\/www.webhosting.uk.com\/blog\/how-to-implement-dmarc-for-google-and-yahoo-compliance\/\">How to Implement DMARC for Google and Yahoo Compliance<\/a><\/strong><\/em><\/p>\n<h3><strong>Protection from your hosting provider<\/strong><\/h3>\n<p>A reliable hosting provider can help protect you and your customers against phishing attacks and lessen the impact of malware and data breaches if an attack is successful. These protections include:<\/p>\n<ul>\n<li>Real-time spam filters, like <a href=\"https:\/\/www.webhosting.uk.com\/spam-experts\">SpamExperts<\/a>, that identify and block the vast majority of email-based phishing attempts from reaching users&#8217; email accounts.<\/li>\n<li><a href=\"https:\/\/www.webhosting.uk.com\/email-certificates\">Email SSL certificates<\/a> that verify your domain\u2019s authenticity for email recipients while encrypting communications.<\/li>\n<li>Tools like <a href=\"https:\/\/www.webhosting.uk.com\/imunify-360\">Imunify360<\/a> that scan for malicious code that may be deployed through phishing sites or compromised plugins.<\/li>\n<li>cPanel or Plesk \u2013 control panels that make it easy for admins to configure domain-level protection, set up SPF and DKIM records, and manage access to email accounts.<\/li>\n<li><a href=\"https:\/\/www.webhosting.uk.com\/backup-solutions\">Cloud-based, automated,<\/a><a name=\"conclusion\"><\/a><a href=\"https:\/\/www.webhosting.uk.com\/backup-solutions\"> off-site backups<\/a> that enable businesses to restore data and systems quickly in the event that a phishing attack results in ransomware, infection or data theft.<\/li>\n<\/ul>\n<h3><strong>Conclusion<\/strong><\/h3>\n<p>Smarter and more convincing, today\u2019s emerging phishing tactics now include AI-crafted emails, cloned voice calls, fake chatbots and spoof app logins. Moreover, with Phishing as a Service kits widely available, even amateur cybercriminals are able to launch sophisticated attacks. However, by educating staff, tightening access controls and login security, and choosing secure hosting, you can keep your business protected from the scammers.<\/p>\n<p>At Webhosting UK, our hosting plans are built with security in mind. From spam protection and SSLs to automated backups and malware detection, we provide the infrastructure to keep your site and your staff better protected. For more information about our hosting solutions, <a href=\"https:\/\/www.webhosting.uk.com\/\">visit our homepage<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While phishing attacks have plagued businesses for years, today, they are far more sophisticated, with attackers using AI-generated voices, chatbot impersonation and advanced personalisation to trick recipients. In this post,&hellip;<\/p>\n<p><a href=\"https:\/\/www.webhosting.uk.com\/blog\/emerging-phishing-tactics-and-how-to-spot-them\/\" class=\"more-link\">Read More<\/a><\/p>\n<div class='heateorSssClear'><\/div><div  class='heateor_sss_sharing_container heateor_sss_horizontal_sharing' data-heateor-sss-href='https:\/\/www.webhosting.uk.com\/blog\/emerging-phishing-tactics-and-how-to-spot-them\/'><div class='heateor_sss_sharing_title' style=\"font-weight:bold\" >Spread the love<\/div><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fwww.webhosting.uk.com%2Fblog%2Femerging-phishing-tactics-and-how-to-spot-them%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:40px;height:40px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"X\" class=\"heateor_sss_button_x\" href=\"https:\/\/twitter.com\/intent\/tweet?text=Emerging%20Phishing%20Tactics%20%26%20How%20to%20Detect%20Them&url=https%3A%2F%2Fwww.webhosting.uk.com%2Fblog%2Femerging-phishing-tactics-and-how-to-spot-them%2F\" title=\"X\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_x\" style=\"background-color:#2a2a2a;width:40px;height:40px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg width=\"100%\" height=\"100%\" style=\"display:block;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M21.751 7h3.067l-6.7 7.658L26 25.078h-6.172l-4.833-6.32-5.531 6.32h-3.07l7.167-8.19L6 7h6.328l4.37 5.777L21.75 7Zm-1.076 16.242h1.7L11.404 8.74H9.58l11.094 14.503Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fwww.webhosting.uk.com%2Fblog%2Femerging-phishing-tactics-and-how-to-spot-them%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:40px;height:40px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div><div class='heateorSssClear'><\/div>","protected":false},"author":147,"featured_media":20764,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1735],"tags":[268],"ppma_author":[2389],"class_list":["post-20760","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-security"],"authors":[{"term_id":2389,"user_id":147,"is_guest":0,"slug":"niraj-chhajed","display_name":"Niraj Chhajed","avatar_url":{"url":"https:\/\/www.webhosting.uk.com\/blog\/wp-content\/uploads\/2016\/10\/1671629317463.jpg","url2x":"https:\/\/www.webhosting.uk.com\/blog\/wp-content\/uploads\/2016\/10\/1671629317463.jpg"},"author_category":"1","user_url":"https:\/\/www.webhosting.uk.com\/","last_name":"Chhajed","first_name":"Niraj","job_title":"","description":"I'm a SEO and SMM Specialist with a passion for sharing insights on website hosting, development, and technology to help businesses thrive online."}],"_links":{"self":[{"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/posts\/20760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/users\/147"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/comments?post=20760"}],"version-history":[{"count":5,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/posts\/20760\/revisions"}],"predecessor-version":[{"id":21129,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/posts\/20760\/revisions\/21129"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/media\/20764"}],"wp:attachment":[{"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/media?parent=20760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/categories?post=20760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/tags?post=20760"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.webhosting.uk.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=20760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}