A technical exploration of modern phishing tactics, from basic HTML pages to advanced MFA-bypassing techniques, with analysis of infrastructure setup and delivery methods used by phishers in 2025.
Introduction
In 2025, phishing is still the most prevalent kind of cyber attack on the planet. Indeed, 1.2% of the global email traffic is phishing. That's 3.4 billion emails each day, but only a low number results in a compromise since "only" 3% of employees would click on a malicious link. However, when they do, it can be disastrous for their company. 91% of cyber attacks start with a malicious email to a target. Considering that, we easily understand why phishing is still one of the favorite initial access vectors of threat actors.
At Quarkslab, our Adversary Simulation Team often conducts advanced phishing campaigns as part of our penetration tests and realistic training sessions we provide to our customers.
The objective of this blog post is to review methods used nowadays in phishing attempts. We take an offensive approach to the attacks, analyzing the techniques used and how malicious emails are delivered to their victims. We'll also look at the backbone of any phishing campaign, also known as the infrastructure. This technical review will solely focus on email phishing, excluding smishing, vishing and other forms of social engineering attacks.
Advanced Phishing Techniques
Place yourself in the shoes of an attacker. You want to compromise an organization, what would you do? Well, phishing, of course, After all it is the path of less resistance, but how?
In this section, we will see different approaches used in phishing campaigns to retrieve victim's credentials or even sessions. All of these methods come with their pros and cons.
The classic method
HTML page
... continue reading