Phishing in 2024: How Threat Actors Are Outsmarting Your Defenses—And What to Do About It

Phishing may not be new, but it continues to be one of the most effective tools in a threat actor’s arsenal. Why? Because it exploits the most unpredictable element of your security posture: people.

At Ontinue, our Advanced Threat Operations (ATO) team continues to see phishing as a primary entry point in many of the threats we help customers defend against. But the tactics have evolved. Today’s phishing campaigns aren’t just about poorly written emails or fake login pages—they’re about trust, obfuscation, and evading detection in increasingly sophisticated ways.

The New Face of Phishing

One of the most concerning trends observed in our latest Threat Intelligence Report is the rise of phishing schemes designed to lead users to Adversary-in-the-Middle (AiTM) sites. These pages steal not only credentials but also session tokens, giving attackers direct access to accounts—often bypassing multi-factor authentication altogether.

So how are attackers getting past defenses and tricking users?

1. Legitimate Sites as the First Landing Page

Phishing emails are becoming harder to detect because they’re using real, trusted domains as the first step in their trap. URLs in phishing messages often lead users to legitimate platforms—like SharePoint, Microsoft Forms, WeTransfer, or Google Drive—before redirecting them to malicious sites. This multi-stage redirection helps bypass email security filters that scan for known bad domains and gives users a false sense of safety.

2. ‘No-Reply’ Email Addresses That Look Real

Another deceptive tactic involves sending phishing messages from seemingly legitimate “noreply” email addresses, such as [email protected]. These sender addresses can pass authentication checks and blend in with the dozens of other automated notifications users receive daily, making them less likely to raise alarms.

3. Leveraging Trusted Domains to Obscure the Path

Threat actors are also exploiting legitimate domains with complex or obscure URLs (e.g., from Google, Apple, or Bing) to redirect users to AiTM sites. These domains often host redirection services or contain open-redirect vulnerabilities, allowing attackers to hide the malicious destination behind a layer of trust.
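For defenders, the trusted-domain redirect pattern in tactics 1 and 3 can be triaged statically by checking whether a link on a trusted host carries a different site's URL in its parameters. The Python sketch below is an added example, not Ontinue's code; the trusted-host list, the function names, and the sample URLs (including their paths and parameter names) are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: illustrative list of trusted first-hop domains; tune per environment.
TRUSTED_SUFFIXES = ("google.com", "bing.com", "apple.com", "sharepoint.com")

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def _site(host):
    # Simplification: the last two labels stand in for the registrable domain.
    # A production check should use the Public Suffix List instead.
    return ".".join(host.split(".")[-2:])

def embedded_urls(url, max_depth=3):
    """Yield absolute URLs carried in query values or the fragment,
    peeling up to max_depth extra layers of percent-encoding."""
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values.append(parts.fragment)
    for value in values:
        for _ in range(max_depth):
            if value.lower().startswith(("http://", "https://", "//")):
                yield value
                break
            decoded = unquote(value)
            if decoded == value:
                break  # nothing left to decode and no URL found
            value = decoded

def triage_link(url):
    """Return a finding when a trusted first hop hides a different site."""
    first = _host(url)
    if not any(first == s or first.endswith("." + s) for s in TRUSTED_SUFFIXES):
        return None
    for target in embedded_urls(url):
        dest = _host("https:" + target if target.startswith("//") else target)
        if dest and _site(dest) != _site(first):
            return {"first_hop": first, "hidden_destination": dest}
    return None

# Constructed sample links; these are not real redirect endpoints.
SAMPLES = [
    "https://www.bing.com/r?u=https%3A%2F%2Flogin.aitm-example.test%2Fo365",
    "https://accounts.google.com/r?continue=https%253A%252F%252Fportal.example.net%252Fsso",
    "https://www.google.com/r?u=https%3A%2F%2Fdrive.google.com%2Ffile",
    "https://news.example.org/?u=https%3A%2F%2Fother.example.com",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(triage_link(link), "<-", link)
```

This check only sees destinations that are visible in the URL itself. Redirects issued by the content of a file-sharing or forms page, as in tactic 1, require following the link in an isolated analysis environment.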

What Organizations Can Do

Phishing isn’t going away—it’s getting smarter. But with the right strategy, your organization can reduce risk and increase resilience:

1. Harden Email Security:
Invest in advanced email protection platforms that can inspect links across multiple redirection hops and use behavioral analysis to detect suspicious patterns—not just known bad domains.

2. Continuous User Education:
Your people are your last line of defense. Provide regular, scenario-based phishing training and simulate attacks to reinforce awareness and build vigilance.

3. Implement Conditional Access & Session Controls:
Credential theft is bad—but session token theft is worse. Use tools like Conditional Access policies, real-time session monitoring, and behavioral analytics to detect anomalies and limit access after login.

4. Monitor for Abuse of Legitimate Services:
Work with a security partner (like Ontinue) to actively hunt for phishing campaigns leveraging commonly abused platforms. Proactive threat intelligence can alert you to new attack methods before they hit your inbox.

5. Zero Trust as a Philosophy, Not a Checkbox:
Don’t just rely on MFA. Adopt a layered, adaptive security model where every user, device, and session is continuously evaluated.

Stay One Step Ahead

Phishing attacks are no longer the crude, obvious scams they once were. Today, they’re subtle, well-crafted, and often indistinguishable from legitimate business communications. Threat actors are leaning into trust—your job is to verify.

To strengthen defenses even further, Ontinue recently announced ION for Enhanced Phishing Protection, a new capability that enhances detection and response by leveraging user-reported phishing emails as an additional detection source and providing specialized response actions. This enables customers to effectively address a critical cyber risk area that is often inadequately managed. Organizations benefit from the speed, accuracy, and consistency of ION’s proprietary automation, as well as the 24/7 expertise of the Ontinue Cyber Defense Center (CDC) to investigate and contain complex phishing incidents.

To learn more, visit our new ION for Enhanced Phishing Protection page.
