April 2025 saw cybercriminals deploy new phishing strategies designed to bypass traditional defenses, warns Barracuda Networks.
Barracuda threat analysts have flagged a spike in email-based threats leveraging trusted platforms and clever evasion tactics to increase success rates. The report highlights three key trends: toxic calendar invites, phishing kits abusing ShareFile, and the resurgence of voicemail-based phishing.
In a new twist, attackers are using ICS (.ics) calendar invites to trick recipients into clicking malicious links under the guise of unpaid invoices. These invites, which are universally compatible across Outlook, Google Calendar, and Apple Calendar, link to phishing sites hosted on legitimate platforms like Monday.com. Victims are lured into entering their Microsoft credentials after completing a fake CAPTCHA.
Meanwhile, phishing kits like Tycoon 2FA and Mamba 2FA are exploiting Citrix’s ShareFile to host fake login pages. These kits target Microsoft 365 users and can intercept one-time passcodes, effectively bypassing multi-factor authentication (MFA). By using ShareFile links—trusted by many enterprises—the phishing emails easily evade detection and deceive recipients.
Barracuda also reports a resurgence in voicemail phishing, or vishing, after months of decline. These attacks use fake voicemail alerts to redirect users to malicious forms on platforms like Monday and Zoho, often incorporating LinkedIn redirect URLs to boost authenticity.
The email body in such attacks is usually minimal, lacking context, and relies on urgency or vague threats to prompt user action.
Barracuda recommends heightened vigilance among users and urges organizations to deploy layered email security solutions. Its Email Protection suite offers impersonation detection, phishing defense, domain fraud protection, and integrated training for employees.
With phishing tactics becoming increasingly sophisticated, CISOs are urged to reinforce awareness training and regularly audit their organization’s email security posture.