Risky Bulletin Sponsored: Phishing crews have gotten really good at evasion
Jun 9, 2025
In this insightful conversation, Jacques Louw, co-founder and Chief Product Officer of Push Security, discusses the alarming advancements in phishing tactics. He highlights how attackers cleverly hide their malicious payloads using legitimate tools and OAuth challenges. The dialogue also emphasizes the importance of passkeys in fortifying security against these sophisticated threats. Furthermore, they explore the role of AI in identity security and the transition to more advanced phishing detection methods, offering a glimpse into the future of cybersecurity.
AI Snips
Chapters
Transcript
Episode notes
Phishing Complexity Has Increased
- Modern phishing attacks are far more complex than the simple email link clicks of the past.
- Attackers must circumvent layered defenses like sandboxes and threat intelligence feeds to succeed.
Phishers Exploit Bot-Detection Tools
- Phishers use legitimate bot-detection tools like Cloudflare Turnstile to evade sandbox detection.
- This clever use of 'good' security tools thwarts many automated phishing detection methods.
OAuth Shields Phishing Pages
- Attackers increasingly trap phishing pages behind legitimate OAuth logins to block automated scanners.
- This prevents sandboxes from reaching the phishing content, improving evasion.