Malicious QR Codes, Voice Deepfakes, Trap SMS: New Forms of Phishing in 2026
Quishing, deepfake vishing, smishing, AI phishing: the 5 new threats bypassing traditional defenses. How to recognize them and protect yourself.
In January 2024, an employee at Arup, the British engineering giant, received a suspicious email from his chief financial officer. He hesitated. Then he joined the video conference referenced in the message. On screen, he saw and heard his CFO, accompanied by several colleagues. Reassured, he approved 15 wire transfers totaling $25.6 million. Every person in that meeting was a deepfake generated in real time.
The incident, revealed by the Guardian, illustrates a turning point. Phishing is no longer just a typo-riddled email with a link to a dubious form. In 2026, attacks travel through QR codes stuck on parking meters, phone calls with AI-cloned voices, SMS messages impersonating delivery services or government agencies, and login pages that are impossible to tell apart from the real thing.
The ENISA Threat Landscape 2025 report, which analyzed 4,875 cybersecurity incidents between July 2024 and June 2025, documents AI-assisted phishing as a growing share of the social engineering activity observed worldwide. The most striking growth figure comes from Hoxhunt rather than ENISA: across the Hoxhunt network, the volume of AI-generated phishing emails multiplied by 14x between January and December 2025 (Hoxhunt, December 2025).
This article breaks down the five new forms of quishing, vishing, smishing, and phishing that bypass traditional defenses, with the latest figures, real-world cases, and concrete protective measures.
Test your team against new threats - email, QR code, and SMS simulations included.
The Evolution of Phishing: From Spam to AI-Assisted Social Engineering
To grasp the scale of the shift, it helps to see how far things have come.
2005-2015: The Mass Spam Era
The first phishing campaigns were crude: emails sent by the millions, riddled with errors, promising a Nigerian inheritance or a lottery win. Click-through rates were low (under 1%), but volume made up for it. Anti-spam filters gradually learned to block these messages, and most users eventually learned to recognize them.
2015-2023: Spear Phishing and Business Email Compromise
Attacks became personalized. Instead of sending a million identical emails, attackers began targeting specific individuals with believable messages referencing their company, their role, their colleagues. Business Email Compromise (BEC) became the most profitable attack vector: the FBI estimates global BEC losses at $2.9 billion in 2023 (IC3 Internet Crime Report).
2024-2026: The Inflection Point
Several technologies converged to create a break:
- Large language models (GPT-4, Claude, Mistral) can generate convincing phishing emails in seconds, in any language, error-free, with a tone adapted to the context.
- Voice cloning now requires only 3 seconds of audio to reproduce a voice with an 85% match (McAfee, 2023). Fortune reported in December 2025 that voice cloning has crossed the "indistinguishability threshold": human listeners can no longer reliably tell a cloned voice from an authentic one.
- Phishing-as-a-Service (PhaaS) tools like Sneaky2FA or Raccoon0365 allow attackers with no technical skills to launch advanced campaigns for under $75.
- QR codes have become ubiquitous in daily life (restaurants, parking, government services), creating a new vector that traditional email filters cannot analyze.
Confirming the trend measured by ENISA, AI-generated phishing emails increased by 14x between early and late 2025, rising from 4% to 56% of total volume detected by the Hoxhunt network (Hoxhunt, December 2025). Kaseya warns that "AI-generated phishing has become the norm for attackers" and that the situation will worsen in 2026.
For a full overview of business phishing statistics: Phishing in Business: 2026 Statistics, Examples, and Solutions.
Quishing: QR Code Phishing
How It Works
Quishing exploits a blind spot in cybersecurity. To an email scanner or antivirus, a QR code is just another image. But that image contains a URL, and that URL can lead to a credential-harvesting page, a malware download, or a fraudulent payment form.
The attack unfolds in three stages:
- The attacker generates a QR code pointing to a phishing site (a cloned Microsoft 365 or Google login page, a payment form, a fake authentication page).
- The QR code is distributed by email (embedded in the message body or in a PDF attachment), physically stuck on a legitimate surface (parking meter, restaurant menu, poster), or sent by postal mail.
- The victim scans the QR code with their smartphone - a device often less protected than their work computer, with no EDR, no corporate web proxy.
This last point is what makes quishing particularly dangerous in a business setting: the attack "escapes" the organization's security perimeter. The employee scans the QR code with their personal phone, enters their work credentials on a phishing page, and the attacker gains access to the company's information system without ever touching the corporate network.
The Numbers
Data from 2025-2026 shows a quishing explosion:
- Over 4.2 million QR code threats identified in early 2025, with an average of 2.7 million emails containing QR codes detected daily between October 2024 and March 2025.
- 400% increase in QR code attacks between 2023 and 2025 according to Abnormal Security.
- 26% of malicious links are now distributed via QR code. And 73% of Americans scan QR codes without checking first (Keepnet Labs, 2026).
- 89.3% of QR code attacks target credential theft - not malware downloads (Keepnet Labs, 2026).
- Senior executives are targeted 42 times more than the average employee by quishing (2023 data).
- Only 36% of quishing incidents are correctly identified and reported by employees.
Quishing in France
In France, QR code attacks exploit specific local contexts:
- Fake QR codes on parking meters: stickers with fraudulent QR codes are placed on parking meters in several French cities. The QR code redirects to a fake parking payment site that collects bank card details.
- Fake ANTAI fines: postal letters impersonating ANTAI (France's automated traffic violation agency) include a QR code to "pay the fine online." The QR code leads to a clone of amendes.gouv.fr.
- QR codes in billing PDFs: the HP Wolf Security report from March 2026 notes that every phishing PDF observed in Q4 2025 contained quishing QR codes - a direct consequence of Microsoft's macro-blocking policy pushing attackers toward new vectors.
Case Study: QR Code Attack on a French Local Government
In November 2025, a local government in southern France suffered a quishing attack that illustrates how these campaigns work.
An email, apparently sent by the human resources department, informed municipal employees of a "change in the portal for viewing pay slips." The email contained a QR code to scan "from your smartphone to securely access the new portal." The message was clean, error-free, with the local government's header and logo.
47 employees scanned the QR code. It redirected to a login page mimicking the government's HR portal, hosted on a recently registered .fr domain. 31 employees entered their work credentials. The attacker used these credentials to access employees' email inboxes, extract personal data (pay slips, sick leave records, performance reviews), and attempt fraudulent wire transfers through the accounting department.
The attack was detected after 72 hours, when an employee noticed suspicious logins to their email from a foreign IP address. The total cost of the incident (investigation, credential resets, CNIL notification - France's data protection authority - and support for affected employees) exceeded 180,000 euros.
Three factors enabled the attack:
- No QR code filtering by the government's email gateway.
- Use of personal smartphones to scan the code, outside the security perimeter.
- No quishing training: employees had received phishing awareness training for emails, but QR codes had never been covered.
Quishing in the Workplace: Why Businesses Are Vulnerable
Quishing exploits a structural weakness in corporate security: the boundary between professional and personal devices.
In a standard email attack, the malicious link is clicked on the work computer, which typically has an EDR (Endpoint Detection and Response), a web proxy filtering URLs, and a browser with security extensions. Quishing bypasses all three layers: the employee scans the QR code with their personal smartphone, opens the link in a mobile browser (with no corporate proxy), and enters their work credentials on a 6-inch screen where it is harder to verify the URL.
This "perimeter escape" is worsened by several factors:
- BYOD (Bring Your Own Device) policies common in French SMEs, where employees use their personal smartphones to access work email without MDM (Mobile Device Management).
- Trust in QR codes built up since the Covid-19 pandemic, when they became ubiquitous (health passes, restaurant menus, ticketing).
- No logging: unlike a click on an email link (traceable by the gateway), a QR code scan on a personal smartphone generates no log in the company's information system. The attack is invisible until its consequences appear.
How to Protect Against Quishing
- Never scan a QR code received by email if you don't know the sender. Instead, go to the service directly through its official URL.
- Check the URL before entering credentials: after scanning a QR code, verify the address in the browser bar before entering anything.
- Use a QR reader that previews the URL: some scanning apps display the destination URL before opening the browser.
- In the physical world, watch out for QR codes stuck over another: if a sticker covers an existing QR code (on a parking meter, a restaurant table), that is a red flag.
- Include quishing in phishing simulations: modern awareness platforms let you test employees with deceptive QR codes. Launch a quishing simulation.
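As an added example, not taken from the original article, here is the kind of URL triage a mail gateway or a scanning app can apply once the QR payload has been decoded. Decoding itself is assumed to have already happened (a library such as zbar/pyzbar does that part); the brand allowlist, the two-part-suffix table standing in for the Public Suffix List, and the test URLs are constructed assumptions for illustration. A production gateway would also add a domain-age lookup, which cannot be done offline. The point the code makes is the one from the section above: a QR code is only an image until it is decoded, and then it is a URL that deserves exactly the checks applied to links in the message body.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist for the example: brand keyword -> registrable domains the brand is
# assumed to use. A real gateway would build this from the tenant's actual IdP/SaaS domains.
TRUSTED_BRANDS = {
    "microsoft": {"microsoft.com", "microsoftonline.com", "live.com"},
    "google": {"google.com"},
    "amendes": {"amendes.gouv.fr"},
}
# Public URL shorteners: a QR code pointing at one hides its true destination.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "qrco.de"}
# Simplified stand-in for the Public Suffix List (assumption: only these two-part suffixes).
TWO_PART_SUFFIXES = {"gouv.fr", "asso.fr", "co.uk", "com.au"}


def registrable_domain(host: str) -> str:
    """Return the registrable (eTLD+1) part of a hostname using the simplified suffix table."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def assess_qr_url(url: str) -> list[str]:
    """Return a list of findings for a URL decoded from a QR code; an empty list means no red flag."""
    findings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()

    if parts.scheme not in ("http", "https"):
        findings.append(f"non-web scheme '{parts.scheme}'")
    elif parts.scheme == "http":
        findings.append("plain http: credentials would travel unencrypted")
    if not host:
        findings.append("no host in URL")
        return findings

    if "@" in parts.netloc:
        # https://microsoft.com@203.0.113.7/ reads as 'microsoft.com' on a phone but goes to the IP
        findings.append("userinfo before host: the part before '@' is not the destination")
    try:
        ipaddress.ip_address(host)
        findings.append("host is a bare IP address")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label: possible homoglyph domain")

    reg = registrable_domain(host)
    if reg in SHORTENERS:
        findings.append(f"URL shortener {reg} hides the real destination")
    for brand, domains in TRUSTED_BRANDS.items():
        if brand in host and reg not in domains:
            findings.append(f"host mentions '{brand}' but registrable domain is {reg}")
    return findings


if __name__ == "__main__":
    # Constructed payloads standing in for decoded QR codes.
    for decoded in (
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://login.microsoft-online-verify.com/secure",
        "https://microsoft.com@203.0.113.7/login",
        "https://www.amendes.gouv.fr/tai",
        "https://amendes-gouv.fr/payer",
    ):
        print(decoded, "->", assess_qr_url(decoded) or "no findings")
```

The brand check is deliberately on the registrable domain, not on a substring match, so that login.microsoftonline.com passes while login.microsoft-online-verify.com and microsoft.com.login-secure.net both fail. The same function can sit behind a QR-preview feature in a scanning app, where it decides whether to open the browser or show a warning first.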
Vishing 2.0: Voice Deepfakes and AI Calls
The Technology Behind Voice Cloning
Vishing (voice phishing) has been around for a long time: a scammer calls pretending to be a banker, a technician, a supplier. What changed in 2025-2026 is the ability to reproduce the exact voice of a real person - an executive, a colleague, a client - from just a few seconds of recording.
Commercial voice cloning services (ElevenLabs, Resemble.AI, and others) need 3 to 30 seconds of source audio to produce a usable voice clone. This audio can be extracted from a LinkedIn video, a YouTube conference, a podcast, a WhatsApp voice message, or even a recorded phone call.
The voice clone is then fed into a real-time speech synthesis tool that lets the attacker "speak" with the target's voice during a phone call or video conference. The attacker types or dictates their text, and the system generates the cloned voice in real time with a delay of just a few hundred milliseconds.
Deepfake Vishing Numbers
2025 data shows a dizzying acceleration:
- Vishing attacks increased by 442% in 2025, fueled by AI deepfakes (DeepStrike, 2025).
- Deepfake vishing incidents surged 1,600% in Q1 2025 compared to Q4 2024 in the United States.
- Deepfake files grew from 500,000 in 2023 to a projected 8 million in 2025 (Keepnet Labs, 2026).
- 1 in 4 Americans received a deepfake voice call in the past year.
- Deepfake fraud losses exceeded $200 million in Q1 2025 in North America, and $3 billion between January and September 2025 in the United States.
- Global losses from generative AI fraud (including vishing) are expected to rise from $12.3 billion in 2024 to $40 billion by 2027, a 32% annual growth rate (Deloitte).
Notable Real-World Cases
Arup: $25.6 Million (2024)
The incident described in the introduction remains the most spectacular. The attacker used real-time video and audio deepfakes to simulate a full video conference with the CFO and several colleagues. Rob Greig, Arup's global CIO, told the Guardian: "the number and sophistication of these attacks have increased sharply in recent months."
Ferrari: Foiled Attempt (2024)
A senior Ferrari executive received a call from an attacker using a cloned voice of CEO Benedetto Vigna. The attempt was foiled only because the executive asked a personal question that only the real Vigna could answer - a verification reflex that most employees would not have had.
British Energy Company: 220,000 Euros (2019)
The first documented case of deepfake voice fraud: an executive at a British energy company wired 220,000 euros after a call from the "CEO of the German parent company." The voice, the accent, the speech rhythm - everything matched. The attacker had cloned the voice from public recordings.
UNC6040: $12 Million (2025)
This group operating from Eastern Europe infiltrated a Canadian insurance company using a voice clone of the CFO, leading to the theft of financial data and $12 million in unauthorized wire transfers.
How to Detect a Deepfake Call
Detection by human ear is becoming increasingly difficult: Fortune reports that voice cloning crossed the "indistinguishability threshold" in late 2025. A few clues remain usable:
- Unusual latency: a slight delay in responses may indicate real-time AI processing.
- Overly fluid responses: a complete absence of "um," pauses, or rephrasing can betray a synthetic voice.
- The personal question test: as Ferrari's team did, ask a question only the real person would know the answer to. "Do you remember the restaurant where we had lunch last week?"
- Call back on a verified number: if in doubt about a call requesting financial action or the transfer of sensitive data, hang up and call the person back on their usual number.
Countermeasures for Businesses
Organizational Procedures
- Mandatory dual approval for any wire transfer above a defined threshold: confirmation via a second channel (email + call, or validation in the financial management tool). The threshold should be adapted to the company's size: for an SME, 5,000 euros is a reasonable starting point.
- Verbal confirmation code: some companies establish a weekly verbal password to validate sensitive requests over the phone. The code is communicated in person or through a separate secure channel - never by email or chat, since an attacker who has already compromised a mailbox would simply read it there. Simple, but effective against current voice deepfakes.
- Systematic callback policy: any financial request received by phone must be verified by calling the requester back on their usual number (the one in the internal directory, not the one displayed on the incoming call screen).
Targeted Training
- CFOs, accountants, and executive assistants are the priority targets for vishing. They must receive specific training on deepfake attempts, with hands-on exercises that include listening to samples of cloned voices.
- Receptionists and front-desk staff must know that attackers use vishing to collect information (organization chart, names of financial managers, wire transfer procedures) before launching the main attack.
- Executives whose voices are publicly available (conferences, podcasts, interviews) must be told that their voice can be cloned and used against their own company. Simulate a vishing attack on your team.
Technical Measures
- Recording incoming calls on sensitive lines (finance department, executive offices), in compliance with GDPR and with prior notice to the caller. Recording allows post-incident analysis and deters some attackers.
- Real-time deepfake audio detection solutions: still emerging in 2026, but tools like Pindrop, Resemble Detect, or Reality Defender are starting to offer integration with enterprise telephony systems. These solutions analyze the spectral characteristics of the voice to detect synthesis artifacts.
Smishing: The SMS Messages Trapping France
Why SMS Is a Formidable Attack Vector
SMS enjoys a significantly higher level of trust than email. SMS open rates exceed 95%, compared to 20-30% for emails. Users have been trained to be suspicious of suspect emails, but are less conditioned to doubt a text message. An SMS is short, urgent, and appears directly on the lock screen - no time to think.
Smishing exploits this trust by sending short messages impersonating trusted organizations (national health insurance, tax authority, parcel carriers) with a link to a mobile-optimized phishing site.
The Smishing Explosion in France
The French numbers speak for themselves:
- In 2025, over one million fraudulent SMS and calls were reported to 33700, the French reporting number for fraudulent SMS and calls.
- Parcel delivery fraud increased by 30% in 2025, with La Poste/Colissimo accounting for 18% of impersonated brands.
- Toll road fraud saw a rise of over 900% in 2025 - a vector that was virtually nonexistent a year earlier.
- Data breaches fuel smishing: the Colis Prive incident exposed up to 15 million delivery records, Chronopost saw 210,000 customers affected, and Mondial Relay was hacked in late 2025. In a single quarter of 2025, 15.5 million French accounts were compromised.
The Most Common Scams in France
The Ameli / Carte Vitale Scam
"Your new Carte Vitale is available. Fill out the form to receive it: [link]." This SMS impersonates the Assurance Maladie (France's national health insurance) and redirects to a fake ameli.fr site that collects personal information, bank details, and sometimes a copy of the ID card. Ameli states that it "never sends SMS requesting personal or banking information" (ameli.fr).
The Chronopost / La Poste / Colissimo Scam
"Your parcel is awaiting delivery. Remaining shipping fees: 1.95 euros. Pay here: [link]." The amount is deliberately low to avoid raising suspicion. The clone site collects bank details. La Poste states that it "will never ask you to pay to collect a parcel by SMS or email."
Cybermalveillance.gouv.fr (France's national cyberattack assistance platform) notes that scammers have developed a two-step technique: a first SMS without a link to prompt a reply, which makes the number appear as a "legitimate conversation" in the messaging app, then a second SMS containing the phishing link - this time with the active link (Cybermalveillance.gouv.fr).
The CPF (Personal Training Account) Scam
"Your CPF rights expire on 03/31/2026. Use them before it's too late: [link]." The information is false: CPF rights do not expire; they remain credited to the account until the holder retires. The link leads to a site that collects FranceConnect credentials or redirects to a fraudulent training provider.
The ANTAI / Traffic Fine Scam
"You have an unpaid fine. Resolve your situation within 48 hours to avoid a surcharge: [link]." The link mimics amendes.gouv.fr. Urgency and the fear of a surcharge push people to act fast.
The Toll / Crit'Air Sticker Scam
A rapidly growing vector (+900% in 2025): "You have not paid your toll. Resolve your situation: [link]." These SMS messages target drivers and take advantage of the rollout of free-flow tolling in France.
The Technical Infrastructure of Smishing: SIM Farms and Spoofing
Smishing in 2025-2026 is no longer a cottage industry. Attackers use industrial-scale infrastructure to send millions of fraudulent SMS messages:
SIM farms: devices containing dozens of prepaid SIM cards enable mass SMS sending from French mobile numbers (06/07 prefixes). These devices, purchased online for a few hundred euros, are the SMS equivalent of email botnets. The SIM cards are bought with fake identities or in countries where registration is not required, then activated in France via roaming.
SMS spoofing: online services allow modification of an SMS sender ID. An attacker can send an SMS that appears to come from "Ameli," "La Poste," or "Impots.gouv" in the recipient's conversation thread. On some phones, the fraudulent SMS inserts itself directly into the existing conversation with the legitimate organization, making it nearly undetectable.
Smishing-as-a-Service platforms: following the PhaaS model for email, platforms accessible on Telegram sell turnkey smishing kits: French-language SMS templates, mobile-optimized phishing pages, real-time dashboards with statistics (number of SMS sent, click rate, credentials collected). Entry pricing is $50-200 per campaign.
The French Regulatory Response
Facing the smishing explosion, French authorities have strengthened their defenses:
- The 33700 number: this reporting number, operated by AF2M (the French association for multimedia services), allows people to report fraudulent SMS and calls. Reports feed a database shared among carriers that block identified numbers. In 2025, over one million reports were processed.
- The anti-scam filter: announced by the French government under the SREN law (Securing and Regulating the Digital Space), this system enables browsers and carriers to block access to phishing sites identified by authorities. It works via DNS blocklist, fed by Pharos reports and analyses from Cybermalveillance.gouv.fr (France's national cyberattack assistance platform).
- SIM registration requirements: since 2021, buying prepaid SIM cards in France requires an ID. But this measure is circumvented by using SIM farms with cards activated abroad.
- Cybermalveillance.gouv.fr (France's national cyberattack assistance platform) regularly publishes alerts on ongoing smishing campaigns, with screenshots of fraudulent SMS and URLs to avoid. The site saw a 30% increase in visits in 2025, a sign of the scale of the problem.
The Emerging Threat: RCS Phishing
RCS (Rich Communication Services), the successor to SMS adopted by Google Messages and gradually by Apple, allows sending enriched messages (images, buttons, interactive cards). For legitimate businesses, it is an improved communication channel. For attackers, it is a new playground: RCS messages can contain action buttons that hide the destination URL, making phishing harder to detect than in a standard SMS where the URL is visible in plain text.
How to Protect Against Smishing
- Golden rule: no official French organization (Ameli, tax authority, ANTAI) requests payment or personal information via SMS.
- Check the sender: an SMS from a 06, 07, or +33 6/7 number claiming to be the national health service or a carrier is fraudulent; official organizations use short numbers (5 digits) or registered sender names. The reverse does not hold: as the spoofing section above shows, a familiar sender name can be forged, so a legitimate-looking sender is no proof of authenticity.
- Never click a link in an unexpected SMS: go directly to the service through the official app or by typing the URL in your browser.
- Report to 33700: forward the fraudulent SMS by text to 33700 or on the 33700.fr platform.
- Train employees on smishing: phishing simulations must include SMS scenarios, especially in industries where employees use company smartphones.
AI-Generated Phishing: The End of Spelling Mistakes
What Changed with Language Models
For years, the main security advice was: "Watch out for emails with spelling mistakes." That advice is now obsolete.
Language models can generate phishing emails that are grammatically flawless, stylistically adapted to the context, and personalized at industrial scale. An attacker can produce in minutes an email that:
- Uses the tone and vocabulary of the targeted company (extracted from the website, LinkedIn, public communications).
- References real projects, real colleagues, real dates.
- Is written in perfect French - or in any other language, with the appropriate cultural nuances.
Studies confirm the effectiveness of these attacks: according to academic research published in 2024, AI-generated phishing emails achieve a 54% click-through rate, compared to 12% for traditional control emails. The credential submission rate goes from 7.5% for standard phishing to 33.6% for AI-generated phishing.
The Industrialization of Phishing
AI has not only improved phishing quality - it has collapsed its cost and production time:
- The time needed to create a convincing phishing campaign has dropped from 16 hours to 5 minutes thanks to language models.
- Attackers save 95% of campaign costs by using LLMs.
- Tools like SpamGPT, WormGPT, EscapeGPT, and FraudGPT, sold on underground forums, automate lure generation and anti-spam filter evasion.
- A complete phishing campaign can be launched for under $75 via Phishing-as-a-Service platforms.
The ENISA Threat Landscape 2025 report notes that phishing is now "industrialized through Phishing-as-a-Service (PhaaS) platforms, enabling operators of all skill levels to launch complex campaigns."
The UTA0388 Case: Multilingual Phishing by a State-Aligned Group
Since June 2025, security firm Volexity has been tracking a China-aligned threat group, designated UTA0388, that uses language models - including OpenAI's ChatGPT - to improve its phishing operations targeting organizations in North America, Asia, and Europe. The models were used to generate polished phishing templates in English, Chinese, and Japanese, with cultural nuances adapted to each target.
AI Phishing in France: The Language Barrier Has Vanished
Until 2023, the French language offered relative protection against mass phishing. International campaigns were often written in clumsy French - awkward machine translations, anglicized phrasing, grammatical gender errors - and a native French speaker could spot these anomalies in seconds. Other indicators remain reliable, as we explain in our guide to recognizing fraudulent emails.
That barrier has shattered. Current language models produce flawless French with appropriate cultural nuances: professional "vouvoiement" (formal address), French courtesy formulas ("Veuillez agreer..."), references to French government agencies (URSSAF, DGFIP, Ameli), and even abbreviations and acronyms specific to French administrative contexts.
The 2025 CESIN report (France's club of information security and digital executives) notes that 60% of French companies consider phishing the most frequent attack vector, and that the linguistic quality of attempts has "improved considerably." Security officers surveyed emphasize that recent phishing emails are often indistinguishable from legitimate internal communications - even for security professionals.
A France-specific aggravating factor: the multiple massive data breaches of 2024-2025 (France Travail with 43 million records, Viamedis/Almerys with 33 million Social Security numbers, Free with 19 million accounts) provide attackers with the personalization data needed for targeted spear phishing campaigns. A phishing email that mentions your Social Security number, your address, and your employer is far more convincing than a generic message.
How Training Must Evolve
The arrival of AI phishing makes traditional training ("spot the spelling mistakes") counterproductive: it gives a false sense of security. This is why cybersecurity e-learning alone is no longer enough (for a full approach to cybersecurity training in SMEs: Cybersecurity Training Guide for SMEs). Awareness programs must now:
- Teach systematic verification: any email requesting financial action, a bank detail change, or credential entry must be verified through a second channel, regardless of how well it is written.
- Use realistic simulations that include AI-generated emails - error-free, personalized with company context.
- Build the reporting reflex rather than relying solely on detection ability. The Verizon DBIR 2025 shows that organizations that train regularly see a 4x improvement in the reporting rate of suspicious emails.
- Incorporate the psychological dimension: modern attacks exploit well-documented cognitive biases. Read our analysis of phishing psychology to understand why employees click despite training.
To set up simulations adapted to these new threats: Complete Guide to Phishing Simulation in Business.
MFA Fatigue and Bypass Attacks
Notification Bombing
Multi-factor authentication (MFA) is one of the most effective security measures, but it is not foolproof. The MFA fatigue attack (also called MFA bombing or push notification bombing) involves bombarding a user with MFA approval requests until they accept one out of exhaustion, by mistake, or out of confusion.
The principle is simple: the attacker already has the victim's credentials (bought on the dark web, stolen through phishing, or harvested by an infostealer). They attempt to log in to the account, which triggers an MFA push notification on the victim's phone. They repeat the operation dozens of times, sometimes for over an hour, until the victim, worn down by the incessant notifications, taps "Approve" to make them stop.
The Uber Breach (September 2022)
The best-documented case remains the Uber breach of September 2022. An attacker affiliated with the Lapsus$ group bought the credentials of an Uber contractor on the dark web. The login attempt was blocked by MFA. The attacker then:
- Bombarded the contractor with MFA push notifications for over an hour.
- Contacted the victim on WhatsApp, posing as Uber's IT department, explaining that "the only way to stop the notifications is to accept one."
- The contractor accepted. The attacker gained access to Uber's internal network.
- They scanned the network and found a PowerShell script containing admin credentials in plaintext - giving access to DUO, OneLogin, AWS, GSuite, and Uber's bug bounty reports.
The attacker was 18 years old. The FTC (Federal Trade Commission) included this breach in regulatory actions against Uber, and the incident cost several million dollars in investigation, remediation, and regulatory response.
A Microsoft study shows that 1% of users accept an MFA approval request on the first attempt - which is enough to compromise an entire network.
The Adversary-in-the-Middle (AiTM) Attack
More advanced than MFA bombing, the AiTM attack intercepts the authentication session in real time. The attacker places a reverse proxy between the victim and the legitimate service (Microsoft 365, Google Workspace) and lures the victim to it with a phishing link. The victim enters their credentials and completes MFA normally, but every request and response passes through the proxy, which captures the session cookie the service issues once MFA succeeds. The attacker then replays that cookie to access the account without ever having to redo MFA. An OTP or push approval offers no protection here: the code the victim enters is not tied to the site they are actually on, so the proxy simply forwards it.
The Verizon DBIR 2025 documents a rise in MFA bypass methods, including token theft, MFA bombing, and AiTM techniques. The report notes that "standard" MFA methods - SMS codes, push notifications, OTP codes - are now bypassable at scale.
Protective Measures
- Switch to phishing-resistant MFA: FIDO2/WebAuthn keys (YubiKey, Google Titan) and passkeys are not vulnerable to bombing or AiTM, because the signed response is bound to the origin the browser actually talked to and to the relying-party identifier, so an assertion captured on a lookalike domain is useless on the real one.
- Limit MFA attempts: configure a maximum threshold for push notifications (e.g., 3 attempts in 10 minutes) with automatic alerts to the SOC or administrator.
- Number matching: instead of a simple "Approve/Deny" button, require the user to enter a code displayed on the login screen - preventing "blind" approval.
- Train your teams: explain that receiving unsolicited MFA notifications is a sign of an active attack, and that they should deny them and report immediately. Our what to do in case of phishing guide covers the full procedure.
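The "three pushes in ten minutes" rule from the list above is simple to express as detection logic. The following is an added example, not from the original article or any vendor product: it replays constructed identity-provider sign-in events (the log format, user names and IP addresses are invented for the example) and raises one alert when a user's push count first crosses the threshold, and a second, higher-severity alert if an approval follows such a burst, which is the signature of the Uber scenario described earlier.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample of identity-provider sign-in events (not real log data).
# One event per line: <ISO-8601 timestamp> <user> <event> <source IP>
SAMPLE_LOG = """\
2026-01-14T08:01:03Z alice mfa_push_sent 203.0.113.7
2026-01-14T08:01:40Z alice mfa_push_denied 203.0.113.7
2026-01-14T08:02:15Z alice mfa_push_sent 203.0.113.7
2026-01-14T08:03:02Z alice mfa_push_sent 203.0.113.7
2026-01-14T08:04:30Z alice mfa_push_sent 203.0.113.7
2026-01-14T08:05:11Z bob mfa_push_sent 198.51.100.20
2026-01-14T08:05:20Z bob mfa_push_approved 198.51.100.20
2026-01-14T08:06:48Z alice mfa_push_sent 203.0.113.7
2026-01-14T08:08:59Z alice mfa_push_approved 203.0.113.7
"""


@dataclass
class Alert:
    user: str
    kind: str           # "push_burst" or "approval_after_burst"
    at: datetime
    pushes_in_window: int
    source_ip: str


def parse_log(text: str):
    """Parse the whitespace-separated event lines into (timestamp, user, event, ip) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, event, ip = line.split()
        # fromisoformat() accepts the 'Z' suffix only from Python 3.11; normalise it for older versions.
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), user, event, ip))
    events.sort(key=lambda e: e[0])
    return events


def detect_push_bombing(events, threshold: int = 3, window: timedelta = timedelta(minutes=10)):
    """Sliding-window count of MFA push challenges per user.

    - "push_burst": emitted once, the moment a user's push count inside the window reaches `threshold`.
    - "approval_after_burst": emitted when a user approves a push while a burst is still in the window;
      this is the event worth paging on, because it means the fatigue attack may have succeeded.
    """
    recent = defaultdict(deque)   # user -> timestamps of pushes still inside the window
    alerts = []
    for ts, user, event, ip in events:
        pushes = recent[user]
        while pushes and ts - pushes[0] > window:
            pushes.popleft()
        if event == "mfa_push_sent":
            pushes.append(ts)
            if len(pushes) == threshold:
                alerts.append(Alert(user, "push_burst", ts, len(pushes), ip))
        elif event == "mfa_push_approved" and len(pushes) >= threshold:
            alerts.append(Alert(user, "approval_after_burst", ts, len(pushes), ip))
    return alerts


if __name__ == "__main__":
    for alert in detect_push_bombing(parse_log(SAMPLE_LOG)):
        print(f"{alert.at.isoformat()} {alert.kind:22} user={alert.user} "
              f"pushes={alert.pushes_in_window} ip={alert.source_ip}")
```

In the sample, alice's third push at 08:03:02 triggers the burst alert and her approval at 08:08:59, with five pushes still inside the window, triggers the second one; bob's single push followed by an approval is normal and produces nothing. In a real deployment the "approval_after_burst" alert should drive an automatic session revocation and a password reset, since by then the attacker already holds valid credentials.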
Browser-in-the-Browser (BitB): The Perfect Fake Window
How It Works
The Browser-in-the-Browser attack, first documented by security researcher mr.d0x in 2022, exploits users' habit of authenticating via pop-up windows ("Sign in with Google," "Sign in with Microsoft," "Sign in with Facebook").
The attacker creates, using HTML, CSS, and JavaScript, a fake browser window inside the web page. This window perfectly simulates the appearance of a legitimate login pop-up: an address bar with a credible URL (https://accounts.google.com/...), a green SSL padlock, window buttons, and the site icon.
The victim sees what looks like a real Google or Microsoft login window, with the correct URL in the address bar. They enter their credentials. But the "address bar" is merely an image or a styled HTML element: it cannot be modified, and the displayed URL is fake.
Why It Is So Effective
Detection is extremely difficult for an uninformed user:
- The URL displayed in the fake address bar appears legitimate.
- A padlock icon is drawn next to it, mimicking the browser's TLS indicator.
- The appearance is identical to a real login window.
- The only visible differences: the window cannot be dragged beyond the edge of the browser's own window (it is part of the page), and the password manager does not offer to fill anything (it matches saved credentials against the page's real origin, which is the attacker's domain, not against the URL painted inside the page).
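The password-manager signal deserves a closer look, because it is the one check that does not depend on the user's eyes. The following is an added example, not code from the original page or from any password manager: it models the matching rule managers apply, comparing saved entries against the page's real origin (the equivalent of `window.location.origin`) on the registrable domain. The vault and the `PUBLIC_SUFFIXES` set are constructed stand-ins for a real vault and the Public Suffix List; `triage` is a hypothetical helper for an analyst comparing a reported page's real origin with the URL shown in its bar.

```python
from urllib.parse import urlsplit

# Stand-in for the Public Suffix List that real managers ship with;
# "example" and "phish" are included because the sample hosts use them.
PUBLIC_SUFFIXES = {"com", "net", "org", "fr", "co.uk", "example", "phish"}


def registrable_domain(host: str) -> str:
    """eTLD+1 of a host: 'accounts.google.com' -> 'google.com'."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host.lower()


# Constructed vault: saved origin -> username
VAULT = {
    "https://accounts.google.com": "cfo@example.com",
    "https://store.steampowered.com": "gamer@example.com",
}


def autofill_candidates(actual_origin: str, vault=VAULT):
    """Entries a manager would offer for the page's real origin.

    `actual_origin` is what the browser reports for the document; a page
    cannot forge it. The text painted in a BitB "address bar" is just page
    content and never reaches this function, so nothing is offered.
    """
    page = urlsplit(actual_origin)
    if page.scheme != "https" or not page.hostname:
        return []
    wanted = registrable_domain(page.hostname)
    return [(origin, user) for origin, user in vault.items()
            if registrable_domain(urlsplit(origin).hostname or "") == wanted]


def triage(actual_origin: str, displayed_url: str) -> str:
    """Analyst check on a reported page: does the URL shown in the
    (possibly fake) bar belong to the domain the page really runs on?"""
    real = registrable_domain(urlsplit(actual_origin).hostname or "")
    shown = registrable_domain(urlsplit(displayed_url).hostname or "")
    if real == shown:
        return "consistent"
    return f"mismatch: page runs on {real} but the bar shows {shown} (BitB or lookalike)"
```

A genuine Google pop-up runs on `accounts.google.com` and gets the saved entry; a BitB page on `free-skins.example` showing the same URL in its painted bar gets nothing, and so does a lookalike such as `accounts.google.com.login-verify.example`, because its registrable domain is `login-verify.example`. Most managers match on the registrable domain by default, which is why a sibling such as `myaccount.google.com` is also offered the entry; tighten to exact-host matching where your manager allows it.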
Real-World Examples
Steam / Counter-Strike 2 (March 2025): Researchers from Silent Push identified a phishing campaign targeting Counter-Strike 2 players who are fans of the Navi (Natus Vincere) esports team. Victims were lured by promises of free skins via YouTube videos and social media posts. The phishing site presented a fake Steam login window with a fake padlock and a URL field mimicking store.steampowered.com. The operation appears to originate from China-based actors.
Similar campaigns in 2022 had led to the theft of Steam accounts worth up to $300,000.
Microsoft 365 via Sneaky2FA (2025): Sneaky2FA, a Phishing-as-a-Service platform, integrated the BitB technique into its phishing kits. The fake Microsoft 365 login windows are nearly indistinguishable from real ones. The Raccoon0365 platform followed by adding a "BITB mini-panel" to its service lineup.
Ministries and Government Websites: CTM360 observed campaigns using BitB to target Ministries of the Interior in several countries. Victims accessing the compromised site were confronted with a full-screen display of a fake browser interface, prompting them to enter their government credentials.
How to Detect a BitB Attack
- Try to drag the window beyond the browser's edge: a real pop-up is a separate window and can be moved outside the main browser window. A BitB window stays confined inside the page. Many kits make the fake window draggable within the page, so the fact that it moves proves nothing; the test is whether it can cross the edge of the browser window.
- Check the password manager: if your password manager (Bitwarden, 1Password, LastPass) does not offer to auto-fill credentials, that is suspicious. It only matches saved entries against the page's real domain, which in a BitB is the attacker's, whatever the painted address bar says.
- Try to edit the URL: in a real window, you can click the address bar and modify the URL, and the keyboard shortcut for the address bar (Ctrl+L, or Cmd+L on macOS) focuses it. In a BitB, the "address bar" is page content: the shortcut focuses the real browser bar above the page, which shows the attacker's domain.
- Adopt passkeys/WebAuthn: as with MFA fatigue, phishing-resistant authentication methods (FIDO2, passkeys) resist BitB attacks. There is no password to type into the fake window, and the browser will not produce an assertion for the legitimate site from a page hosted on another domain.
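Why passkeys resist both the AiTM proxy and the BitB window comes down to three checks in the WebAuthn flow: the browser (not the page) writes the origin into clientDataJSON and refuses an rpId that does not belong to the page's host, and the relying party accepts each challenge once and only from its own origin. The following is an added example written for this article, not code from the page or from any WebAuthn library: it models a browser, an authenticator, and a relying party for the assumed rpId `login.example`, and replaces the public-key signature with an HMAC stand-in so that it runs with the standard library alone; the origin, rpId, and single-use-challenge checks are the real point and are implemented as specified.

```python
import hashlib
import hmac
import json
import secrets
from base64 import urlsafe_b64decode, urlsafe_b64encode

RP_ID = "login.example"                      # assumed relying-party id
ALLOWED_ORIGINS = {"https://login.example"}  # origins the RP accepts


def b64u(data: bytes) -> str:
    return urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64u(text: str) -> bytes:
    return urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Authenticator:
    """One credential per rpId. An HMAC key stands in for the private key."""
    def __init__(self):
        self.creds = {}

    def register(self, rp_id):
        self.creds[rp_id] = secrets.token_bytes(32)
        return self.creds[rp_id]  # the RP stores this as the verifier

    def get_assertion(self, rp_id, client_data_json: bytes):
        key = self.creds[rp_id]  # KeyError: no credential for a foreign rpId
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + bytes(4)
        signed = auth_data + hashlib.sha256(client_data_json).digest()
        return {"authenticatorData": auth_data, "clientDataJSON": client_data_json,
                "signature": hmac.new(key, signed, hashlib.sha256).digest()}


class Browser:
    """The browser writes clientDataJSON: the page supplies rpId and challenge
    only; the browser fills in the real origin and rejects an rpId that is
    not the page's host or one of its parent domains."""
    def __init__(self, authenticator, page_origin):
        self.auth, self.origin = authenticator, page_origin

    def credentials_get(self, rp_id, challenge: bytes):
        host = self.origin.split("://", 1)[1]
        if host != rp_id and not host.endswith("." + rp_id):
            raise PermissionError(f"SecurityError: rpId {rp_id!r} not valid for {self.origin!r}")
        client_data = json.dumps({"type": "webauthn.get", "challenge": b64u(challenge),
                                  "origin": self.origin}).encode()
        return self.auth.get_assertion(rp_id, client_data)


class RelyingParty:
    def __init__(self, verifier):
        self.verifier, self.pending = verifier, set()

    def begin_login(self):
        challenge = secrets.token_bytes(32)
        self.pending.add(challenge)
        return challenge

    def verify(self, assertion):
        """Return (accepted, reason)."""
        cd = json.loads(assertion["clientDataJSON"])
        if cd.get("type") != "webauthn.get":
            return False, "wrong ceremony type"
        challenge = unb64u(cd.get("challenge", ""))
        if challenge not in self.pending:
            return False, "unknown or already used challenge (replay)"
        self.pending.discard(challenge)  # single use: a captured assertion dies here
        if cd.get("origin") not in ALLOWED_ORIGINS:
            return False, f"origin {cd.get('origin')!r} not allowed"
        auth_data = assertion["authenticatorData"]
        if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
            return False, "rpIdHash mismatch"
        signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
        expected = hmac.new(self.verifier, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return False, "bad signature"
        return True, "ok"


def run_scenarios():
    """Legitimate login, AiTM replay, AiTM/BitB page on another domain, and a
    tampered client that signs a clientDataJSON carrying the wrong origin."""
    auth = Authenticator()
    rp = RelyingParty(auth.register(RP_ID))
    results = {}
    ch = rp.begin_login()
    assertion = Browser(auth, "https://login.example").credentials_get(RP_ID, ch)
    results["legit"] = rp.verify(assertion)
    results["replay"] = rp.verify(assertion)  # proxy resends the captured assertion
    ch = rp.begin_login()                     # proxy forwards a fresh real challenge
    try:
        Browser(auth, "https://login-example.phish").credentials_get(RP_ID, ch)
        results["proxied"] = (True, "assertion produced")
    except PermissionError as exc:
        results["proxied"] = (False, str(exc))
    forged = json.dumps({"type": "webauthn.get", "challenge": b64u(ch),
                         "origin": "https://login-example.phish"}).encode()
    results["tampered_origin"] = rp.verify(auth.get_assertion(RP_ID, forged))
    return results
```

Only the first scenario is accepted. The replay fails on the consumed challenge, which is what defeats a proxy that captured a valid assertion; the proxied page fails inside the browser before any credential is touched, because `login-example.phish` is not `login.example` or a subdomain of it; and a client that somehow signs a clientDataJSON with the wrong origin is still rejected by the relying party's own origin check. Compare this with a password plus TOTP, where the proxy simply forwards both and collects the session cookie.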
Summary Table: New Phishing Forms Compared
| Vector | Detection Difficulty | Prevalence in France (2025-2026) | French Examples | Key Protections |
|---|---|---|---|---|
| Quishing (QR code) | High - invisible to email scanners | Rising sharply, QR ubiquitous post-Covid | Fake parking meters, fake ANTAI fines, QR in billing PDFs | Verify URL after scan, don't scan QR from email, include in training simulations |
| Deepfake vishing | Very high - voice indistinguishable from real | Emerging, documented cases mostly outside France | CEO fraud, fake banker scams | Dual approval for transfers, verbal code, callback on verified number |
| Smishing | Medium - short, urgent SMS exploiting trust | Massive, 1M+ reports/year via 33700 | Ameli, Chronopost, CPF, ANTAI, tolls | Never click, verify via official app, report to 33700 |
| AI phishing | Very high - no errors, deep personalization | Dominant, 56% of volume detected in late 2025 | Emails targeting French CFOs, fake suppliers | Second-channel verification, AI simulations, systematic reporting |
| MFA fatigue | Medium - unsolicited notifications are a signal | Growing, enabled by credential leaks | Microsoft 365 accounts, corporate VPNs | FIDO2/passkeys, attempt limiting, number matching |
| BitB (Browser-in-Browser) | High - visually identical to real pop-up | Growing, integrated into PhaaS kits | Steam, Microsoft 365, government services targets | Drag the window, check password manager, passkeys |
How to Protect Your Business Against These New Threats
Traditional defenses - antivirus, anti-spam filters, firewalls - remain useful but insufficient against the vectors described in this article. AI phishing bypasses filters because it lacks the traditional markers (blacklisted domains, malicious attachments, known text patterns). Quishing bypasses email scanners because the QR code is an image. Vishing bypasses the entire digital perimeter because it goes through the phone.
Effective protection relies on a multi-layered approach.
Layer 1: Continuous Employee Training
This is the defense layer that covers all vectors. A trained employee recognizes the principle behind the attack even if they don't recognize its form. They know that an urgent email requesting a wire transfer must be verified by phone, that a QR code in an email is suspicious, that a call requesting credentials is abnormal.
Phishing simulations must evolve to include new vectors:
- AI-generated emails (error-free, personalized)
- QR codes leading to fake login pages
- Vishing scenarios with realistic pretexts
- SMS impersonating French services (Ameli, La Poste)
Data shows that organizations conducting regular training reduce their phishing click rate from 20-35% to under 5% within 12 months, and multiply their reporting rate by 4. See the detailed benchmarks by industry to gauge your organization. Launch a multi-channel simulation campaign.
Layer 2: Phishing-Resistant Authentication
Standard MFA (SMS, push notification, TOTP codes) protects against attacks that only hold the password, such as credential stuffing and password spraying, but not against MFA bombing, AiTM, or BitB, where the victim is talked or tricked into completing the second factor for the attacker. Moving to phishing-resistant methods - passkeys, FIDO2/WebAuthn, hardware security keys - neutralizes the majority of vectors described in this article, because the credential only works on the legitimate origin.
Layer 3: Validation Procedures
No technology will replace a dual-approval procedure for sensitive actions:
- Any bank detail change verified by calling the supplier's usual number.
- Any wire transfer above a defined threshold approved by two people.
- Any admin access requested by phone verified through a second channel.
Layer 4: Detection and Response
Detection tools are also evolving: EDR with behavioral analysis, SIEM with event correlation, real-time deepfake detection solutions (still emerging). For an SME, the priority is having response capability: knowing who to call, how to isolate a compromised account, how to notify affected parties.
90-Day Action Plan for an SME
For businesses starting from scratch or that have not yet incorporated new vectors into their security program, here is a realistic action plan.
Days 1-30: Assessment and Foundations
- Conduct an MFA posture audit: which accounts are protected, with which method? Are critical accounts (administrators, finance, management) still using SMS or simple push notifications?
- Inventory BYOD access: how many employees access work email from their personal smartphone? Is MDM in place?
- Launch an initial phishing simulation campaign to establish a baseline click rate. Include at least one standard email scenario and one QR code scenario.
- Implement the dual-approval procedure for wire transfers: define the threshold (e.g., 5,000 euros), confirmation channels, and authorized personnel.
Days 31-60: Deploying Protections
- Migrate critical accounts to phishing-resistant MFA (passkeys or FIDO2 keys). Start with management, finance, and IT administrators.
- Enable number matching on push-based MFA. Microsoft Authenticator has enforced it by default for Microsoft Entra accounts since 2023; for other push apps, check whether the provider offers an equivalent (a number or code the user must enter rather than a bare Approve button).
- Limit MFA push attempts to 3 per 10-minute window, with automatic alerts.
- Train finance teams on voice deepfakes: present the Arup and Ferrari cases, explain the verified-number callback procedure, establish a weekly verbal code for sensitive phone requests.
Days 61-90: Ongoing Training and Testing
- Launch the second simulation campaign, this time with more varied scenarios: AI email (error-free, personalized), QR code in a PDF, SMS impersonating Chronopost or Ameli.
- Measure the improvement in click rate and reporting rate compared to the first campaign.
- Establish a quarterly simulation calendar with vector rotation (email, QR code, SMS, voice pretext).
- Document incident response procedures: who to contact in case of account compromise, how to revoke active sessions and refresh tokens (sign the user out everywhere, not just reset the password, since a stolen AiTM cookie survives a password change), how to notify CNIL (France's data protection authority) if personal data is exposed. For a step-by-step guide: What to Do in Case of Phishing.
The cost of this program is modest compared to the risk: a phishing simulation costs between 2 and 5 euros per employee per month, a FIDO2 key costs 25-50 euros per user (one-time investment). By comparison, the average cost of a business email compromise exceeds 125,000 euros for a French SME (How Much Does a Cyberattack Cost an SME?).
FAQ
What is quishing and why is it dangerous?
Quishing (QR code phishing) is a phishing attack that uses QR codes to redirect victims to malicious websites. The QR code can be sent by email, embedded in a PDF document, or physically stuck on a legitimate surface (parking meter, restaurant menu, poster). Quishing is particularly dangerous because QR codes are invisible to anti-spam filters that do not decode images: such a scanner sees only a picture, not a malicious link. Furthermore, the attack moves phishing from the protected workstation to the personal smartphone, which is often less secure and outside the company's monitoring. In 2025, QR code attacks increased by 400% (Abnormal Security), and 89% of them target credential theft (Keepnet Labs, 2026).
How does deepfake voice vishing work?
Deepfake voice vishing uses artificial intelligence to clone a real person's voice - an executive, a colleague, a client - from just a few seconds of audio recording. The attacker then uses this cloned voice in real time during a phone call or video conference to impersonate the person being mimicked. According to McAfee, 3 seconds of audio are enough to create a voice clone with 85% accuracy. In December 2025, Fortune reported that voice cloning has crossed the "indistinguishability threshold": humans can no longer reliably tell the difference. The Arup incident ($25.6 million lost via a deepfake video conference) and the attempted attack on Ferrari's CEO illustrate the severity of this threat.
Do anti-phishing filters protect against these new threats?
Traditional anti-phishing filters remain useful but are increasingly being bypassed by new threats. The HP Wolf Security report from September 2025 indicates that at least 13% of email threats detected by HP Sure Click had bypassed one or more email gateway scanners. The reasons: AI phishing no longer contains the traditional markers (spelling errors, blacklisted domains), QR codes are treated as simple images by scanners, and PhaaS kits evolve faster than signature databases. The most effective protection combines technical filtering, user training, and human validation procedures.
How can you protect yourself from smishing in France?
In France, no official organization (Assurance Maladie/Ameli, tax authority/DGFIP, ANTAI) requests payment or personal information via SMS. Any such request is fraudulent. Carriers (La Poste, Chronopost) never ask you to pay delivery fees by SMS. To protect yourself: never click a link in an unexpected SMS; access the service through the official app or by typing the URL in your browser; report the fraudulent SMS to 33700 (by forwarding the text) or on 33700.fr. In 2025, Orange received over one million reports via 33700, confirming the scale of the problem in France.
What is a Browser-in-the-Browser attack?
A Browser-in-the-Browser (BitB) attack creates a fake browser window inside a web page, simulating a legitimate login pop-up (Google, Microsoft, Facebook, Steam). The fake window displays a credible URL in its "address bar," but that bar is a decorative HTML element, not a real address bar. The user believes they are logging into the official site and enters their credentials, which are captured by the attacker. To detect a BitB: try to drag the window outside the browser (a fake window stays confined), check whether your password manager triggers (it won't because the actual domain is different), and try clicking the address bar to edit it (it won't respond).
Is MFA enough to protect against phishing?
MFA greatly reduces risk but does not eliminate it. MFA fatigue attacks (bombarding users with push notifications until they accept one), Adversary-in-the-Middle techniques (intercepting session tokens in real time), and session token theft bypass standard MFA methods (SMS, push, OTP). The Uber breach of September 2022, where an 18-year-old attacker bombarded a contractor with MFA notifications for over an hour before contacting them on WhatsApp, remains the textbook case. For reliable protection, choose phishing-resistant methods: FIDO2/WebAuthn keys, passkeys, or at minimum, MFA with number matching and attempt limiting.
Conclusion
Phishing in 2026 looks nothing like it did in 2020. Malicious QR codes, voice deepfakes, trap SMS messages, AI-generated emails, and MFA bypass techniques form an arsenal that renders traditional defenses partially obsolete.
The numbers speak for themselves: 56% of phishing is now AI-generated (Hoxhunt, 2025), QR code attacks have risen by 400% (Abnormal Security), deepfake vishing has surged 442% (DeepStrike), and over one million fraudulent SMS were reported in France via the 33700 hotline in 2025.
The good news: awareness training works, even against these new threats. Regularly trained employees reduce their click rate to under 5% and multiply their reporting rate by 4. But training must evolve: simulations limited to "standard" emails with spelling mistakes no longer prepare people for real threats.
Protection in 2026 combines realistic simulations integrating quishing, smishing, and AI phishing, phishing-resistant authentication (passkeys, FIDO2), and human validation procedures for sensitive actions.
The cost of inaction exceeds the cost of prevention, as the detailed figures in the action plan above make clear.
Launch your first multi-channel simulation - email, SMS, and QR code included. Measurable results within 90 days.