Kaspersky: Old vs. New Phishing Threats Evolution Review

A new Kaspersky review reveals how cybercriminals are reviving and refining phishing techniques to target individuals and businesses, including calendar-based attacks, voice message deceptions and sophisticated multi-factor authentication (MFA) bypass schemes. The findings emphasize the critical need for user vigilance, employee training and advanced email protection solutions to counter these persistent threats.

These techniques are highly relevant to the Middle East, and the broader trend they reflect is already visible in regional threat telemetry.

Calendar-based phishing targets office workers

A tactic originally from the late 2010s, calendar-based phishing, has reemerged with a focus on B2B environments. Attackers send emails with calendar event invitations, often containing no body text, hiding malicious links in the event description. When opened, the event auto-adds to the user’s calendar, with reminders urging them to click links leading to fake login pages, such as those mimicking Microsoft. Previously aimed at Google Calendar users in mass campaigns, this method now targets office employees.

Calendar-based phishing is increasingly plausible in GCC organisations because it targets exactly the workflows that dominate regional corporate life. Kaspersky advises companies to conduct regular phishing awareness training, such as simulated attack workshops, to teach employees to verify unexpected calendar invites.

Voice message phishing with CAPTCHA evasion

Phishers are deploying minimalist emails posing as voice message notifications, containing sparse text and a link to a basic landing page. Clicking the link triggers a chain of CAPTCHA verifications to bypass security bots, ultimately directing users to a fraudulent Google login page that validates email addresses and captures credentials.

Voice message deception with CAPTCHA chains fits the Middle East’s communication culture particularly well. Voice notes and “you have a voicemail” cues are familiar, and the CAPTCHA step is a known evasion technique designed to defeat automated scanning and increase the chance the victim is a real person.

This multi-layered deception highlights the need for employee training programs, such as interactive modules on recognizing suspicious links and advanced email server protection solutions like Kaspersky SecureMail, which detect and block such covert tactics.

MFA bypass via fake cloud service logins

These sophisticated phishing campaigns are targeting multi-factor authentication (MFA) by mimicking services like pCloud (a cloud storage provider that offers encrypted file storage, sharing and backup services). These emails, disguised as neutral support follow-ups, lead to fake login pages on lookalike domains (e.g., pcloud.online). The pages interact with the real pCloud service via API, validating emails and prompting for OTP codes and passwords, granting attackers account access upon successful login.

MFA bypass via fake cloud-service logins is one of the most important evolutions for the Middle East precisely because many GCC organisations have made genuine progress on baseline security and now rely heavily on MFA.

To counter this, organizations should implement mandatory cybersecurity training and deploy email security solutions like Kaspersky Security for Mail Servers, which flags fraudulent domains and API-driven attacks.

“With phishing schemes growing more deceptive, Kaspersky urges users to treat unusual email attachments, like password-protected PDFs or QR codes, with caution and verify website URLs before entering any credentials. Organizations should adopt comprehensive training programs, which includes real-world simulations and best practices for spotting phishing attempts. Additionally, deploying robust email server protection solutions ensures real-time detection and blocking of advanced phishing tactics,” comments Roman Dedenok, Anti-Spam Expert at Kaspersky.