The New Phishing Techniques You Haven’t Heard of Yet

7 New Phishing Attacks You’ve Never Heard Of (and How to Stop Them)

We all know about phishing emails: the misspelled messages from a “bank” you don’t use or a foreign prince offering you millions. But phishing has come a long way. Today’s threats are more subtle, sophisticated, and honestly—pretty creative. At ISOutsource, we’ve been keeping an eye on these trends, especially through our partnership with INKY, one of the most innovative email security platforms out there.

Based on INKY’s 2025 Email Security Report, here are some phishing attacks that are flying under the radar—and what to watch for.

New Phishing Attacks to Watch for in 2025

  • HTML-based QR code phishing (quishing)
  • Multi-layered phishing attacks using trusted platforms
  • Personalized, weaponized RTF files
  • Cross-site scripting (XSS) via links
  • Telegram bot credential harvesting
  • Generative AI phishing (intent-aware attacks)
  • Fake conversation starters / cold email manipulation

1. What Is HTML-Based QR Code Phishing (aka Next-Level Quishing)?

QR code phishing attacks aren’t new, but cybercriminals are leveling up. This is one of the fastest-growing phishing tactics in 2024, according to INKY’s annual report. Instead of embedding an image, attackers now use HTML tables and Unicode characters to build a QR code that looks just like the real thing—but isn’t an image at all. These codes are tricky to detect and often sneak past standard email filters. One scan and you’re off to a fake site designed to steal your credentials.

What to Watch For: Unexpected QR codes in emails, especially from brands or contacts you don’t normally use.
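One way a mail filter could look for the image-free QR codes described above, as an added example that is not code from INKY, ISOutsource or the report. The thresholds, function names and the constructed sample grid are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser

MIN_MODULES = 21  # smallest standard QR symbol (version 1) is 21x21 modules
BLOCK_LINE = re.compile(r"^[\u2580-\u259f\u00a0 ]+$")  # Unicode block elements and spaces only
BG = re.compile(r"background(?:-color)?\s*:\s*([^;]+)", re.I)

class GridCollector(HTMLParser):
    """Records each table as rows of cell background colours, plus all text lines."""
    def __init__(self):
        super().__init__()
        self.tables, self.open_tables, self.lines = [], [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "table":
            self.open_tables.append([])
        elif tag == "tr" and self.open_tables:
            self.open_tables[-1].append([])
        elif tag in ("td", "th") and self.open_tables and self.open_tables[-1]:
            m = BG.search(a.get("style") or "")
            colour = m.group(1) if m else (a.get("bgcolor") or "")
            self.open_tables[-1][-1].append(colour.strip().lower())
    def handle_endtag(self, tag):
        if tag == "table" and self.open_tables:
            self.tables.append(self.open_tables.pop())
    def handle_data(self, data):
        self.lines += [l.strip() for l in data.splitlines()]

def is_qr_like(rows):
    """A square grid of at least 21x21 cells painted in exactly two colours."""
    return len(rows) >= MIN_MODULES and all(len(r) == len(rows) for r in rows) \
        and len({c for r in rows for c in r}) == 2

def find_html_qr(html):
    """Return the reasons an HTML body appears to draw a QR code without using an image."""
    p = GridCollector()
    p.feed(html)
    p.close()
    reasons = [f"table grid {len(t)}x{len(t)}" for t in p.tables if is_qr_like(t)]
    art = [l for l in p.lines if len(l) >= MIN_MODULES and BLOCK_LINE.match(l)]
    if len(art) >= MIN_MODULES // 2:  # half-block glyphs carry two module rows per text line
        reasons.append(f"unicode block art, {len(art)} lines")
    return reasons

def sample_grid(n=25):
    """Constructed sample: an n x n two-colour table (a test pattern, not a scannable code)."""
    td = '<td style="background-color:%s"></td>'
    rows = ["".join(td % ("black" if (r * c + r) % 3 == 0 else "white") for c in range(n))
            for r in range(n)]
    return "<table>" + "".join(f"<tr>{row}</tr>" for row in rows) + "</table>"
```

A hit is a reason to render the region and decode it like any other QR image, not a verdict on its own.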

2. How Do Attackers Use Legitimate Tools for Phishing Attacks?

Phishing attacks that look like they come from real platforms—Adobe, Constant Contact, even your marketing software—are getting smarter. INKY has seen examples of emails authenticated by SPF and DMARC (which usually signal safety), sent through trusted platforms, and still ending in credential harvesting or advanced fee scams. The layering of legitimacy makes these especially convincing.

What to Watch For: Emails that appear to be legit but ask you to log in, confirm payments, or access links you weren’t expecting.

3. How Are RTF Files Being Weaponized in Phishing Attacks?

These aren’t your standard attachments. INKY detected thousands of phishing attacks using RTF (Rich Text Format) files customized with the recipient’s company name. These files often mimic financial documents or wire transfers, and once opened, redirect users to Microsoft login pages designed to steal credentials. It’s sneaky, it’s simple—and it works.

What to Watch For: Attachments with .rtf file extensions that seem oddly personalized or reference transactions you don’t recognize.

4. What Is Cross-Site Scripting (XSS) in Phishing Emails?

XSS is typically something developers worry about on websites, but now it’s creeping into phishing emails. Links are hidden behind URL-encoded redirects that look harmless, but actually take users to fake brand websites. From there, victims are tricked into entering their personal or financial information. It’s a small change in technique with big consequences.

What to Watch For: Links in emails that appear encoded or overly complex—especially from senders you don’t know.
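A sketch of how the URL-encoded redirects described above can be unwrapped before a link is trusted, as an added example that is not code from INKY, ISOutsource or the report. The host names and the sample body are constructed, and comparing full host names (rather than registrable domains) is a simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# %-escapes of plain letters or digits: standard encoders never produce these (RFC 3986 unreserved set).
NEEDLESS_ESCAPE = re.compile(r"%(?:3[0-9]|[46][1-9A-Fa-f]|[57][0-9Aa])")

def fully_decode(value, max_rounds=5):
    """Percent-decode until the string stops changing; return (decoded, rounds needed)."""
    rounds = 0
    while rounds < max_rounds and unquote(value) != value:
        value, rounds = unquote(value), rounds + 1
    return value, rounds

def analyse_link(href):
    """Return the chain of hosts hidden in one link and the reasons it deserves a second look."""
    decoded, rounds = fully_decode(href)
    pieces = re.split(r"(?=https?://)", decoded, flags=re.I)
    hops = [h for h in (urlsplit(p).hostname for p in pieces if p) if h]
    findings = []
    if rounds > 1:
        findings.append(f"nested percent-encoding ({rounds} rounds)")
    if NEEDLESS_ESCAPE.search(href):
        findings.append("letters or digits percent-encoded")
    if len(hops) > 1 and hops[-1] != hops[0]:
        findings.append(f"visible host {hops[0]} forwards to {hops[-1]}")
    return {"hops": hops, "findings": findings}

class HrefCollector(HTMLParser):
    """Collects the href of every <a> tag in a message body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def suspicious_links(html):
    """Map each flagged href in an HTML body to its analysis."""
    collector = HrefCollector()
    collector.feed(html)
    collector.close()
    results = {href: analyse_link(href) for href in collector.hrefs}
    return {href: r for href, r in results.items() if r["findings"]}

# Constructed sample body: one double-encoded redirect and one ordinary link.
SAMPLE = ('<a href="https://news.trusted.example/track?id=7&amp;url='
          'https%253A%252F%252Flogin.brand-secure.example%252Fsignin">View statement</a>'
          '<a href="https://shop.example/cart?note=hello%20world">Cart</a>')
```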

5. How Are Telegram Bots Used in Phishing Attacks?

This one surprised even us. Some phishing attacks now include HTML attachments that create local web pages—ones that look just like a Microsoft login screen. When the user enters their info, a script sends the credentials directly to a cybercriminal’s Telegram bot. It’s fast, automated, and invisible unless you know what to look for.

What to Watch For: HTML attachments in emails, especially if the attachment launches a login page locally in your browser.
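A triage check for the HTML attachments described above, as an added example that is not code from INKY, ISOutsource or the report. It assumes the script reaches Telegram through the public Bot API host `api.telegram.org`, also looks inside `atob("...")` base64 literals, and uses a constructed, inert sample with a placeholder token.

```python
import base64
import re
from email.message import EmailMessage

PASSWORD_FIELD = re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I)
TELEGRAM_API = re.compile(r"api\.telegram\.org/bot", re.I)
ATOB_LITERAL = re.compile(r"atob\(\s*[\"']([A-Za-z0-9+/=]{16,})[\"']")

def expand_base64(text):
    """Append the decoded form of every atob("...") literal so encoded endpoints are scanned too."""
    extra = []
    for blob in ATOB_LITERAL.findall(text):
        try:
            extra.append(base64.b64decode(blob, validate=True).decode("utf-8", "replace"))
        except ValueError:  # binascii.Error is a subclass of ValueError
            continue
    return text + "\n" + "\n".join(extra)

def triage_html_attachments(msg):
    """Return {filename: [signals]} for each HTML attachment in a parsed message."""
    report = {}
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.get_content_disposition() != "attachment":
            continue
        if not name.lower().endswith((".html", ".htm")):
            continue
        body = expand_base64(part.get_payload(decode=True).decode("utf-8", "replace"))
        signals = []
        if PASSWORD_FIELD.search(body):
            signals.append("password field in local page")
        if TELEGRAM_API.search(body):
            signals.append("Telegram Bot API reference")
        report[name] = signals
    return report

# Constructed, inert sample: a password field and an endpoint string with a placeholder token.
SAMPLE_HTML = ('<form><input type="password" name="pw"></form>'
               '<script>var ep = "https://api.telegram.org/botPLACEHOLDER/";</script>')

def constructed_message(html, filename="Remittance.html"):
    """Constructed sample: an e-mail carrying `html` as an attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Payment advice"
    msg.set_content("See attached.")
    msg.add_attachment(html.encode(), maintype="text", subtype="html", filename=filename)
    return msg
```

Both signals together on one attachment are a strong reason to quarantine; either alone is worth a manual look.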

6. How Is Generative AI Creating Intent-Aware Phishing Attacks?

Not all phishing tricks involve tech. Some are just really smart writing. With generative AI in play, cybercriminals are crafting phishing attacks that sound human—offering support, nudging a response, or applying subtle pressure with an ultimatum. INKY’s new GenAI detection tech is designed to recognize the intent behind a message, not just the words. So even if the message seems friendly or helpful, the system can still flag it as suspicious.

What to Watch For: Emails with vague subject lines like “Checking in” or overly friendly follow-ups that feel out of place.

7. What Are Fake Conversation Starters in Phishing Attacks?

You get a message from someone who “just wanted to follow up” or is “circling back on that thing.” Except… you’ve never spoken to them before. These phishing attacks create fake familiarity to get a reply or click. They’re not technical—just socially engineered to lower your guard.

What to Watch For: Vague or generic follow-up emails from unfamiliar names or domains.

Staying Ahead of the Game

The good news? Tools like INKY (which we use for our clients at ISOutsource) are built to detect even the most well-disguised phishing attacks. With AI-powered detection, intent analysis, QR code scanning, and real-time link protection, we’re helping businesses stay a few steps ahead of modern threats.

If any of these techniques are new to you—that’s kind of the point. Phishing attacks aren’t always obvious anymore. But with the right awareness and the right tools, you can outsmart even the most creative cybercriminals.

Want to learn how we can help protect your business from the latest phishing attacks? Get in touch with us here.

FAQs

Q: What’s the newest type of phishing attack in 2025?
A: Techniques like HTML-based QR codes, phishing with Telegram bots, and AI-written “intent-aware” emails are among the most recent threats.

Q: How can I prevent phishing attacks?
A: Use AI-powered email security like INKY, train your team regularly, and never click or download anything suspicious.

Q: What makes today’s phishing attacks harder to detect?
A: Attackers use personalization, authentic-looking domains, and even legitimate tools to make their phishing attempts more convincing.