Phishing kits now vet victims in real-time before stealing credentials


Jasper_The_Rasper
Moderator
April 9, 2025 By Bill Toulas

 

Phishing actors are employing a new evasion tactic called 'Precision-Validated Phishing' that only shows fake login forms when a user enters an email address that the threat actors specifically targeted.

Unlike traditional mass-targeting phishing, this new method uses real-time email validation to ensure phishing content is shown only to pre-verified, high-value targets.

Although not overly advanced or particularly sophisticated, the new tactic excludes all non-valid targets from the phishing process, thus blocking their visibility into the operation.

Email security firm Cofense, which documented the rise in adoption of this new tactic, noted that it has created a significant practical problem for them.

When researching phishing sites, it is common for researchers to enter fake email addresses or ones under their control to map the credential theft campaign.

However, with this new technique, invalid or test email addresses inputted by researchers now display an error or redirect them to benign sites. This impacts automated security crawlers and sandboxes used in research, reducing detection rates and prolonging the lifespan of phishing operations.

 

>>Full Article<<
