Risky Bulletin Sponsored: Push Security on the evolution of phishing techniques
Aug 31, 2025
Jacques Louw, co-founder of Push Security, discusses the alarming evolution of phishing techniques in a world where attacks extend beyond email to platforms like LinkedIn and Twitter. He highlights the inadequacy of traditional defenses against sophisticated phishing tactics targeting corporate systems. Louw also emphasizes the importance of user awareness and improved visibility in mitigating risks, particularly regarding dark web credentials and the blending of personal and professional online security. Their open-source taxonomy of phishing attacks aims to educate and empower users.
AI Snips
Chapters
Transcript
Episode notes
Phishing Beyond Email
- Phishing no longer lives only in email; attackers deliver links via search, social DMs, and web apps.
- Push can trace a click's full redirect chain to reveal non-email origins and novel delivery vectors.
Malicious Redirect From Legit Links
- Jacques described a campaign where a Google search led to a microsoft.com link that redirected to a phishing IDP.
- Attackers abused ADFS/SAML redirect flows to send users from legit domains directly to phishing pages.
Domain Reputation Is Insufficient
- Domain reputation is increasingly insufficient because attackers can route users through trusted domains to malicious pages.
- Detection must focus on browsing behavior and traffic, not just domain IOCs.