Phishing campaigns are no longer the clumsy scams filled with typos that users once learned to spot. Security researchers from Red Canary and Zscaler have identified a wave of new methods, ranging from fake Chrome updates to phony Zoom and Teams meeting invites, and even realistic tax forms targeting government officials.
Remote Management Tools Turned Against Victims
One of the biggest changes in modern phishing is the misuse of Remote Monitoring and Management (RMM) tools — software normally used by IT teams to maintain systems. Once attackers gain access, they can act as administrators on compromised machines, installing malware, stealing data, or even launching ransomware attacks. Tools like Tenable, PDQ, SimpleHelp, and Asra have already been exploited in these campaigns.
Researchers identified four main lures, with the most common being fake browser update alerts. These imitate Chrome’s legitimate update messages but instead deliver malicious JavaScript to the user’s device. Clicking “Update” triggers the download of a rogue installer designed to compromise the system.
Defense Requires More Than Spotting Typos
According to Alex Berninger, Senior Intelligence Manager at Red Canary, the fight against phishing has moved far beyond looking for spelling mistakes in emails. “It’s unrealistic to expect employees to identify every technique attackers invent,” he explained. Instead, organizations should focus on network monitoring, endpoint detection, and strict controls over RMM tools.
As always, prevention is the first line of defense. Experts recommend:
- Download software only from official sources.
- Avoid opening attachments or clicking links from suspicious emails.
- When in doubt, scan files with services like VirusTotal, which compares them against databases of known malware.
Phishing may be evolving, but with the right safeguards, both individuals and organizations can stay one step ahead.
