Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Malvertising campaign targets Android users with advanced crypto-steal...
How are people in 15 countries leveraging AI for travel planning?
Insider threats cited alongside external attacks in terms of severity:...
How are people in 15 countries leveraging AI for travel planning?
North America financial institutions lead surge in financial regulator...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Resilience the true benchmark for smart infrastructure

      Resilience the true benchmark for smart infrastructure

      Wednesday, August 27, 2025, 8:21 PM Asia/Singapore | Features, IoT Security
    • Featured

      Deepfake a crisis of trust, not just technology

      Deepfake a crisis of trust, not just technology

      Tuesday, August 19, 2025, 10:06 AM Asia/Singapore | Features
    • Featured

      When talking sense into AI power mongers fails, talk $$$: A message from AI

      When talking sense into AI power mongers fails, talk $$$: A message from AI

      Thursday, August 14, 2025, 12:26 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

Tips

How vigilant are you to sneaky phishing tactics?

By Vlad Cristescu, Head of Cybersecurity, ZeroBounce | Friday, June 13, 2025, 6:18 PM Asia/Singapore

How vigilant are you to sneaky phishing tactics?

Some phishing communications do not even contain links. Do they qualify as phishing attacks? Find out below.

The latest FBI Internet Crime Report notes that phishing remains the most common cybercrime in the USA, with over 193,000 complaints last year alone.

Of special relevance this year is the shift in tactics that even experienced and vigilant Internet users often miss.

Below are four sneaky tactics that blur the line between phishing and psychological scamming.

  1. Linkless phishing
    Some phishing emails contain no links, no attachments: just a short, seemingly harmless message such as “Are you free for a quick call?” or “Can you help me with this task?”
    These messages are designed to bypass filters entirely and start a real-time con via phone or reply. People are trained to spot suspicious links, but attackers have adapted by removing them altogether. Once you reply, they continue the impersonation, usually posing as a colleague or executive. If something feels off, do not respond directly. Verify through another channel before engaging.
  2. Masquerading as naggy IT help prompts
    Attackers flood users with multi-factor authentication push notifications after stealing login credentials, then follow up with an email pretending to be IT support urging them to click on some link to stop the alerts.
    This is psychological warfare more than technical trickery. It exploits a user’s frustration and trust in IT. If you are receiving multiple authentication prompts for actions you did not initiate, it may be a phishing attack. Pause, do not accede to the prompt, and escalate it to known IT personnel immediately.
  3. HTML attachments masquerading as secure portals
    Some phishing emails are now hiding their payloads inside a simple HTML attachment that opens in your browser and mimics a login screen. These emails are particularly deceptive because they look like invoices, shared documents, or secure notifications.
    Users think, “It’s just an HTML file, what harm could it do?” But one click can open a cloned login page that captures your credentials instantly. Firms should restrict HTML attachments unless essential, and users should treat unfamiliar HTML files the same way they would treat a suspicious link: do not open it unless all precautions have been taken to sandbox it before opening it. If in doubt, never launch any document at all until you have contacted IT out of an abundance of caution.
  4. Phishing through Calendar invites
    Attackers are now sending meeting requests with malicious links embedded in the invite or “Join” button.
    These invitations sync directly into calendars and often go unquestioned. Calendar invites carry this built-in credibility: they are not usually scrutinized like emails. However, if you are getting meeting requests from unknown senders, or vague event titles such as “Sync” or “Project Review”, treat those just as you would treat a phishing attempt. Disable Auto-Accept where possible, and review every invite manually before clicking on any link.

Quelling overconfident phishing diligence

Modern phishing is strategic. The more it looks like business as usual, the more dangerous it becomes.

The biggest risk today is overconfidence. No matter how experienced you are, if you stop questioning what lands in your inbox or calendar, you are vulnerable.

Awareness must evolve as fast as the threats do. Always verify senders’ email address, ensure that any link you click matches the legitimate domain, and look out for subtle red flags such as spelling errors or unusual formatting.

These small checks can make the difference between staying secure and falling for a well-crafted scam.

Share:

PreviousAnd all along we thought phone numbers linked to our online identity were safe
NextVIVOTEK Earned Level 2 in TWSE’s 11th Corporate Governance Evaluation, Top 5% Among NT$5-10B Cap Enterprises

Related Posts

Threat alert raised on the latest double-extortion ransomware

Threat alert raised on the latest double-extortion ransomware

Tuesday, June 28, 2022

Installing software updates and patches can be boring and even disruptive

Installing software updates and patches can be boring and even disruptive

Tuesday, May 18, 2021

Cashing in, cashing out: APAC FIs to invest heavily in fraud prevention technology

Cashing in, cashing out: APAC FIs to invest heavily in fraud prevention technology

Friday, October 16, 2020

Is the world too complacent about readying for Q Day?

Is the world too complacent about readying for Q Day?

Tuesday, October 1, 2024

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.