Editor’s note: Kaspersky has published a new threat review detailing how phishing campaigns are evolving, with attackers reviving older tactics and combining them with newer techniques to bypass modern defenses. The analysis highlights calendar-based phishing in corporate environments, voice message scams designed to evade automated detection, and sophisticated methods to circumvent multi-factor authentication. While not crypto-specific, these threats directly affect fintech firms, digital asset platforms, and Web3 teams that rely on cloud services, email workflows, and MFA. The findings are particularly relevant for Middle East organizations, where enterprise digitization has accelerated.
Key points
Calendar invites are being used as phishing vectors, auto-adding malicious events to corporate calendars.
Voice message phishing relies on CAPTCHA chains to bypass security tools and validate real users.
Attackers are targeting MFA by using fake cloud service logins that interact with real APIs.
Regional threat data shows these techniques are already active across Middle East organizations.
Why this matters
As enterprises across the Middle East adopt cloud services, remote workflows, and stronger authentication, phishing attacks are adapting to exploit exactly those systems. For fintech, crypto platforms, and Web3 builders, compromised credentials can mean financial loss, data breaches, and regulatory exposure. The return of low-noise, highly targeted phishing shows that baseline security measures are no longer enough on their own, increasing the importance of employee training and advanced email protection as part of broader digital risk management.
What to watch next
Whether calendar-based phishing continues to spread beyond early B2B targets.
How widely MFA bypass techniques using legitimate APIs are adopted by attackers.
Changes in enterprise security training and email protection strategies in response.
Disclosure: The content below is a press release provided by the company/PR representative. It is published for informational purposes.
A new Kaspersky review reveals how cybercriminals are reviving and refining phishing techniques to target individuals and businesses, including calendar-based attacks, voice message deceptions and sophisticated multi-factor authentication (MFA) bypass schemes. The findings emphasize the critical need for user vigilance, employee training and advanced email protection solutions to counter these persistent threats.
These techniques are highly relevant to the Middle East, and the broader trend they reflect is already visible in regional threat telemetry.
Calendar-based phishing targets office workers
A tactic originally from the late 2010s, calendar-based phishing, has reemerged with a focus on B2B environments. Attackers send emails with calendar event invitations, often containing no body text, hiding malicious links in the event description. When opened, the event auto-adds to the user’s calendar, with reminders urging them to click links leading to fake login pages, such as those mimicking Microsoft. Previously aimed at Google Calendar users in mass campaigns, this method now targets office employees.
Calendar-based phishing is increasingly plausible in GCC organisations because it targets exactly the workflows that dominate regional corporate life. Kaspersky advises companies to conduct regular phishing awareness training, such as simulated attack workshops, to teach employees to verify unexpected calendar invites.
Voice message phishing with CAPTCHA evasion
Phishers are deploying minimalist emails posing as voice message notifications, containing sparse text and a link to a basic landing page. Clicking the link triggers a chain of CAPTCHA verifications to bypass security bots, ultimately directing users to a fraudulent Google login page that validates email addresses and captures credentials.
Voice message deception with CAPTCHA chains fits the Middle East’s communication culture particularly well. Voice notes and “you have a voicemail” cues are familiar, and the CAPTCHA step is a known evasion technique designed to defeat automated scanning and increase the chance the victim is a real person.
This multi-layered deception highlights the need for employee training programs, such as interactive modules on recognizing suspicious links and advanced email server protection solutions like Kaspersky SecureMail, which detect and block such covert tactics.
MFA bypass via fake cloud service logins
These sophisticated phishing campaigns are targeting multi-factor authentication (MFA) by mimicking services like pCloud (a cloud storage provider that offers encrypted file storage, sharing and backup services). These emails, disguised as neutral support follow-ups, lead to fake login pages on lookalike domains (e.g., pcloud.online). The pages interact with the real pCloud service via API, validating emails and prompting for OTP codes and passwords, granting attackers account access upon successful login.
MFA bypass via fake cloud-service logins is one of the most important evolutions for the Middle East precisely because many GCC organisations have made genuine progress on baseline security and now rely heavily on MFA.
To counter this, organizations should implement mandatory cybersecurity training and deploy email security solutions like Kaspersky Security for Mail Servers, which flags fraudulent domains and API-driven attacks.
“With phishing schemes growing more deceptive, Kaspersky urges users to treat unusual email attachments, like password-protected PDFs or QR codes, with caution and verify website URLs before entering any credentials. Organizations should adopt comprehensive training programs, which includes real-world simulations and best practices for spotting phishing attempts. Additionally, deploying robust email server protection solutions ensures real-time detection and blocking of advanced phishing tactics,” comments Roman Dedenok, Anti-Spam Expert at Kaspersky.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com
This article was originally published as Old Meets New: Kaspersky Explores the Evolution of Phishing Threats on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.
