{"id":32219,"date":"2026-01-19T17:08:43","date_gmt":"2026-01-19T17:08:43","guid":{"rendered":"https:\/\/blog.lacnic.net\/?p=32219"},"modified":"2026-01-20T15:35:18","modified_gmt":"2026-01-20T15:35:18","slug":"advanced-phishing","status":"publish","type":"post","link":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/","title":{"rendered":"Analysis of advanced phishing techniques and their mitigation"},"content":{"rendered":"\n<p>By <a href=\"https:\/\/blog.lacnic.net\/en\/author\/guillermo-pereyra\/\">Guillermo Pereyra<\/a><\/p>\n\n\n\n<p>Phishing is no longer limited to using easily identifiable emails or links as attack vectors. Although these techniques are still in use, modern attacks aim to evade more robust security measures, such as two-factor authentication (2FA) or session cookie hijacking. This article will look at how these advanced phishing techniques work and what measures can be taken to mitigate their risks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a>Traditional vs. Advanced Phishing<\/h2>\n\n\n\n<p>Traditional phishing focuses on stealing basic credentials such as usernames, passwords, or personal information. In order to do so, attackers impersonate an organization or individual, usually through emails or simple web forms. <a><\/a><\/p>\n\n\n\n<p>Advanced phishing, however, relies on more sophisticated tools and techniques designed to bypass security controls and overcome basic user awareness training for identifying malicious emails and domains. These attacks specifically target:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Capturing one-time passwords (OTPs)<\/li>\n\n\n\n<li>Hijacking an active user session without the need to steal credentials or the second authentication factor<\/li>\n<\/ul>\n\n\n\n<p>Unlike traditional phishing, which is primarily concerned with credential theft, advanced phishing also targets authenticated sessions. This is most commonly achieved through session cookie theft, enabling attackers to fully bypass protections such as two-factor authentication (2FA).<\/p>\n\n\n\n<p stlye=\"padding:0;margin:0\"><\/p><p stlye=\"padding:0;margin:0\"><\/p><p stlye=\"padding:0;margin:0\"><\/p><p stlye=\"padding:0;margin:0\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Are Session Cookies?<\/h2>\n\n\n\n<p>Session cookies are identifiers that a server sends to a user\u2019s browser after successful authentication. They allow the application to maintain the user\u2019s session state without requiring re-authentication for every request.<\/p>\n\n\n\n<p>If an attacker manages to capture a session cookie, they can load it into their own browser and effectively impersonate the legitimate user, since the website assumes the session has already been authenticated.<\/p>\n\n\n\n<p>As a result, many modern security strategies no longer focus solely on protecting credentials but also emphasize preventing session hijacking and cookie reuse.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a>Advanced Phishing Techniques<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Real-Time Proxy Phishing (Man-in-the-Middle)<\/h3>\n\n\n\n<p><a><\/a>This technique uses an intermediary server (proxy) that sits between the victim and the legitimate website.<\/p>\n\n\n\n<p><strong>How it works:<\/strong><\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>The attacker sends a link that directs the victim to a proxy-controlled page designed to look identical to the legitimate site.<\/li>\n\n\n\n<li>When the victim enters their credentials and 2FA code, the proxy forwards them to the real website while capturing the session cookies.<\/li>\n\n\n\n<li>The attacker then gains real-time access to the user\u2019s account, even with 2FA enabled.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"499\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig1-phishing-2fa-cookies-1024x499.png\" alt=\"\" class=\"wp-image-32207\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig1-phishing-2fa-cookies-1024x499.png 1024w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig1-phishing-2fa-cookies-300x146.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig1-phishing-2fa-cookies-677x330.png 677w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig1-phishing-2fa-cookies-768x374.png 768w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig1-phishing-2fa-cookies.png 1166w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>2. 2FA Approval Request \u201cFatigue\u201d Attacks<\/h3>\n\n\n\n<p>This technique does not directly steal the 2FA code. Instead, it overwhelms the user with repeated approval requests. It primarily targets users who rely on push-based authentication methods, where a notification is sent to approve a login attempt.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img decoding=\"async\" width=\"766\" height=\"1024\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig2-phishing-2fa-cookies-766x1024.png\" alt=\"\" class=\"wp-image-32210\" style=\"width:400px\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig2-phishing-2fa-cookies-766x1024.png 766w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig2-phishing-2fa-cookies-224x300.png 224w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig2-phishing-2fa-cookies-247x330.png 247w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig2-phishing-2fa-cookies-768x1027.png 768w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig2-phishing-2fa-cookies-300x401.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/fig2-phishing-2fa-cookies.png 848w\" sizes=\"(max-width: 766px) 100vw, 766px\" \/><\/figure>\n\n\n\n<p><a><\/a><a href=\"https:\/\/guide.duo.com\/android?ljs=es-la\">Source: Duo Mobile.<\/a><\/p>\n\n\n\n<p><a><\/a>How it works:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The attacker first obtains the user\u2019s credentials, typically through traditional phishing or info-stealing malware.<\/li>\n\n\n\n<li>They then initiate multiple login attempts, triggering repeated \u201cApprove Sign-In\u201d notifications in the user\u2019s 2FA application (e.g., Duo, Microsoft Authenticator).<\/li>\n\n\n\n<li>The objective is to exploit user fatigue\u2014causing the user, out of confusion or frustration, to approve one of the requests without careful consideration.<\/li>\n<\/ol>\n\n\n\n<p>Once a request is approved, the attacker can log in successfully and obtain a valid session cookie, which can later be reused without repeating the authentication process.<\/p>\n\n\n<section class=\"acf-view acf-view--id--21788 acf-view--object-id--32219\"><div class=\"acf-view__texto_fijo acf-view__row\"><div class=\"acf-view__texto_fijo-field acf-view__field\"><div class=\"acf-view__texto_fijo-choice acf-view__choice\">Additional reading:<\/div><\/div><\/div><div class=\"acf-view__link acf-view__row\"><div class=\"acf-view__link-field acf-view__field\"><a target=\"_self\" class=\"acf-view__link-link acf-view__link\" href=\"https:\/\/blog.lacnic.net\/en\/passwords-passkeys\/\">No More Passwords: Meet Passkeys<\/a><\/div><\/div><\/section>\n\n\n<h3 class=\"wp-block-heading\">3. Browser in the Browser (BitB) Attack<\/h3>\n\n\n\n<p>This type of attack exploits the trust users place in pop-up windows commonly used for Single Sign-On (SSO) authentication, such as Google or Microsoft logins.<\/p>\n\n\n\n<p>Attackers use a combination of HTML, CSS, and JavaScript to simulate a browser window within the user\u2019s actual browser.<\/p>\n\n\n\n<p>The fraudulent window displays a URL that appears legitimate, but in reality does not correspond to the destination where the user\u2019s credentials are being submitted.<\/p>\n\n\n\n<iframe loading=\"lazy\" width=\"100%\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/1M-N-VcyiXM?si=3kQ2TukCQHtkFHcU\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a>Other Vectors for Session Cookie Compromise<\/h2>\n\n\n\n<p>While phishing remains the most common attack vector, session cookies can also be compromised through other technical means:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Phishing combined with XSS: If a website is vulnerable to Cross-Site Scripting (XSS), an attacker can inject malicious scripts to exfiltrate cookies that are not properly protected.<\/li>\n\n\n\n<li><\/li>\n\n\n\n<li>Malware and info stealers: Malicious software installed on a user\u2019s device that searches for locally stored cookies and exfiltrates them to the attacker.<\/li>\n<\/ul>\n\n\n\n<p>These attack vectors highlight the importance of protecting session cookies not only from the user\u2019s perspective, but also through secure application design and implementation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Phishing as a Service (PhaaS)<\/h2>\n\n\n\n<p>In recent years, there has been significant growth in Phishing as a Service (PhaaS) offerings within underground markets. These platforms operate under a subscription model and allow malicious actors to launch phishing campaigns easily, without requiring advanced technical knowledge.<\/p>\n\n\n\n<p>PhaaS kits and services often integrate advanced techniques such as real-time proxies, session cookie theft, and techniques to bypass multi-factor authentication (2FA). As a result, they enable highly effective and scalable attacks, lowering the barrier to entry for cybercrime and amplifying the reach and impact of large-scale phishing campaigns.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a>Mitigation and Prevention Measures<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>For users<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><td><strong>Measure<\/strong><\/td><td><strong>Description<\/strong><\/td><\/tr><\/thead><tbody><tr><td><strong>Use FIDO2\/WebAuthn-Based 2FA<\/strong><\/td><td>Prefer physical security keys (hardware tokens) such as YubiKey, which are resistant to Man-in-the-Middle phishing attacks.<\/td><\/tr><tr><td><strong>Carefully Inspect URLs<\/strong><\/td><td>Always verify that the URL is legitimate before entering any credentials, even if the site appears identical to the real one.<\/td><\/tr><tr><td><strong>Keep Software Updated<\/strong><\/td><td>Ensure that your browser, operating system, and antivirus software are up to date to reduce the risk of cookie theft and other vulnerabilities.<\/td><\/tr><tr><td><strong>Log Out of Active Sessions<\/strong><\/td><td>Make it a habit to manually log out of sensitive websites, especially when using shared or public devices.<\/td><\/tr><tr><td><strong>Use a Password Manager<\/strong><\/td><td>Use a trusted password manager (e.g., Bitwarden, 1Password, KeePass) to generate and store strong, unique passwords for each site, minimizing the impact of breaches and credential reuse.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>For organizations<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><td><strong>Strategy<\/strong><\/td><td><strong>Details<\/strong><\/td><\/tr><\/thead><tbody><tr><td><strong>Implement Phishing-Resistant 2FA<\/strong><\/td><td>Provide authentication methods based on WebAuthn or certificates (e.g., FIDO2, passkeys) that are resistant to phishing attacks.<\/td><\/tr><tr><td><strong>Anomalous Session Monitoring<\/strong><\/td><td>Monitor active sessions for unusual changes in geolocation, IP address, or user agent, which may indicate session hijacking.<\/td><\/tr><tr><td><strong>Use Secure Cookie Attributes<\/strong><\/td><td>Implement cookies with HttpOnly (to mitigate XSS-based theft) and Secure (to ensure cookies are transmitted only over HTTPS).<\/td><\/tr><tr><td><strong>Protect Against Cookie Reuse<\/strong><\/td><td>Bind session cookies to the device, browser, or network context to reduce the risk of reuse by attackers.<\/td><\/tr><tr><td><strong>Short Session Lifetimes and Re-authentication for Critical Actions<\/strong><\/td><td>Enforce short session lifetimes and require re-authentication and\/or 2FA for sensitive or high-risk actions within the application.<\/td><\/tr><tr><td><strong>Continuous Training<\/strong><\/td><td>Conduct regular phishing simulations that include proxy-based attacks and raise awareness of 2FA fatigue techniques.<\/td><\/tr><tr><td><strong>Enterprise Password Managers<\/strong><\/td><td>Adopt enterprise-grade password managers that support centralized management, secure credential sharing, and access auditing.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a>Conclusion<\/h2>\n\n\n\n<p>Looking ahead, the threat posed by advanced phishing attacks is expected to continue to grow. These attacks can compromise even users who have two-factor authentication (2FA) enabled, particularly when security awareness is limited.<\/p>\n\n\n\n<p>Adopting phishing-resistant authentication methods such as FIDO2 and passkeys, combined with ongoing vigilance and continuous education for both users and organizations, is essential to effectively mitigate these risks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">References<\/h2>\n\n\n\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/2025s-top-phishing-trends-and-what-they-mean-for-your-security-strategy\">https:\/\/www.bleepingcomputer.com\/news\/security\/2025s-top-phishing-trends-and-what-they-mean-for-your-security-strategy<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/blog.lacnic.net\/en\/passwords-passkeys\/\">https:\/\/blog.lacnic.net\/passkeys-contrasenas\/<\/a><\/p>\n\n\n\n<p><a id=\"_msocom_1\"><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Guillermo Pereyra Phishing is no longer limited to using easily identifiable emails or links as attack vectors. Although these techniques are still in use, modern attacks aim to evade more robust security measures, such as two-factor authentication (2FA) or session cookie hijacking. This article will look at how these advanced phishing techniques work and [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":32214,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[499],"tags":[1271],"archivo":[1345,1451],"taxonomy-authors":[1245],"tipo_autor":[],"class_list":["post-32219","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cibersecurity","archivo-editions","archivo-highlights-2023","taxonomy-authors-guillermo-pereyra-en"],"acf":{"author":"","related_notes":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>LACNIC Blog | Analysis of advanced phishing techniques and their mitigation<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LACNIC Blog | Analysis of advanced phishing techniques and their mitigation\" \/>\n<meta property=\"og:description\" content=\"By Guillermo Pereyra Phishing is no longer limited to using easily identifiable emails or links as attack vectors. Although these techniques are still in use, modern attacks aim to evade more robust security measures, such as two-factor authentication (2FA) or session cookie hijacking. This article will look at how these advanced phishing techniques work and [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/\" \/>\n<meta property=\"og:site_name\" content=\"LACNIC Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/lacnic\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-19T17:08:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-20T15:35:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"330\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Gianni\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@lacnic\" \/>\n<meta name=\"twitter:site\" content=\"@lacnic\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/\"},\"author\":{\"name\":\"Gianni\",\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab\"},\"headline\":\"Analysis of advanced phishing techniques and their mitigation\",\"datePublished\":\"2026-01-19T17:08:43+00:00\",\"dateModified\":\"2026-01-20T15:35:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/\"},\"wordCount\":1142,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/blog.lacnic.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp\",\"keywords\":[\"Cibersecurity\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/\",\"url\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/\",\"name\":\"LACNIC Blog | Analysis of advanced phishing techniques and their mitigation\",\"isPartOf\":{\"@id\":\"https:\/\/blog.lacnic.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp\",\"datePublished\":\"2026-01-19T17:08:43+00:00\",\"dateModified\":\"2026-01-20T15:35:18+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#primaryimage\",\"url\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp\",\"contentUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp\",\"width\":680,\"height\":330},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/blog.lacnic.net\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Analysis of advanced phishing techniques and their mitigation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.lacnic.net\/#website\",\"url\":\"https:\/\/blog.lacnic.net\/\",\"name\":\"LACNIC Blog\",\"description\":\"En el Blog de LACNIC encontrar\u00e1s art\u00edculos t\u00e9cnicos vinculados al desarrollo de Internet en la regi\u00f3n de Am\u00e9rica Latina y el Caribe.\",\"publisher\":{\"@id\":\"https:\/\/blog.lacnic.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.lacnic.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/blog.lacnic.net\/#organization\",\"name\":\"LACNIC Blog\",\"url\":\"https:\/\/blog.lacnic.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg\",\"contentUrl\":\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg\",\"caption\":\"LACNIC Blog\"},\"image\":{\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/facebook.com\/lacnic\",\"https:\/\/x.com\/lacnic\",\"https:\/\/www.instagram.com\/lacnic\/?hl=es-la\",\"https:\/\/uy.linkedin.com\/company\/lacnic\",\"https:\/\/www.youtube.com\/user\/lacnicstaff\",\"https:\/\/www.lacnic.net\/podcast\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab\",\"name\":\"Gianni\",\"url\":\"https:\/\/blog.lacnic.net\/en\/author\/gianni\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LACNIC Blog | Analysis of advanced phishing techniques and their mitigation","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/","og_locale":"en_US","og_type":"article","og_title":"LACNIC Blog | Analysis of advanced phishing techniques and their mitigation","og_description":"By Guillermo Pereyra Phishing is no longer limited to using easily identifiable emails or links as attack vectors. Although these techniques are still in use, modern attacks aim to evade more robust security measures, such as two-factor authentication (2FA) or session cookie hijacking. This article will look at how these advanced phishing techniques work and [&hellip;]","og_url":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/","og_site_name":"LACNIC Blog","article_publisher":"https:\/\/facebook.com\/lacnic","article_published_time":"2026-01-19T17:08:43+00:00","article_modified_time":"2026-01-20T15:35:18+00:00","og_image":[{"width":680,"height":330,"url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp","type":"image\/webp"}],"author":"Gianni","twitter_card":"summary_large_image","twitter_creator":"@lacnic","twitter_site":"@lacnic","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#article","isPartOf":{"@id":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/"},"author":{"name":"Gianni","@id":"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab"},"headline":"Analysis of advanced phishing techniques and their mitigation","datePublished":"2026-01-19T17:08:43+00:00","dateModified":"2026-01-20T15:35:18+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/"},"wordCount":1142,"commentCount":0,"publisher":{"@id":"https:\/\/blog.lacnic.net\/#organization"},"image":{"@id":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp","keywords":["Cibersecurity"],"articleSection":["Cybersecurity"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/","url":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/","name":"LACNIC Blog | Analysis of advanced phishing techniques and their mitigation","isPartOf":{"@id":"https:\/\/blog.lacnic.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#primaryimage"},"image":{"@id":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp","datePublished":"2026-01-19T17:08:43+00:00","dateModified":"2026-01-20T15:35:18+00:00","breadcrumb":{"@id":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.lacnic.net\/en\/advanced-phishing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#primaryimage","url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp","contentUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp","width":680,"height":330},{"@type":"BreadcrumbList","@id":"https:\/\/blog.lacnic.net\/en\/advanced-phishing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/blog.lacnic.net\/en\/"},{"@type":"ListItem","position":2,"name":"Analysis of advanced phishing techniques and their mitigation"}]},{"@type":"WebSite","@id":"https:\/\/blog.lacnic.net\/#website","url":"https:\/\/blog.lacnic.net\/","name":"LACNIC Blog","description":"En el Blog de LACNIC encontrar\u00e1s art\u00edculos t\u00e9cnicos vinculados al desarrollo de Internet en la regi\u00f3n de Am\u00e9rica Latina y el Caribe.","publisher":{"@id":"https:\/\/blog.lacnic.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.lacnic.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/blog.lacnic.net\/#organization","name":"LACNIC Blog","url":"https:\/\/blog.lacnic.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/","url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg","contentUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg","caption":"LACNIC Blog"},"image":{"@id":"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/lacnic","https:\/\/x.com\/lacnic","https:\/\/www.instagram.com\/lacnic\/?hl=es-la","https:\/\/uy.linkedin.com\/company\/lacnic","https:\/\/www.youtube.com\/user\/lacnicstaff","https:\/\/www.lacnic.net\/podcast"]},{"@type":"Person","@id":"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab","name":"Gianni","url":"https:\/\/blog.lacnic.net\/en\/author\/gianni\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2026\/01\/cybersecurity-warning-padlock-red-exclamation-mark-copia.webp","jetpack_sharing_enabled":true,"wpml_current_locale":"en_US","wpml_translations":[{"locale":"es_ES","id":32204,"post_title":"An\u00e1lisis de t\u00e9cnicas avanzadas de phishing y su mitigaci\u00f3n","slug":"phishing-avanzado","href":"https:\/\/blog.lacnic.net\/phishing-avanzado\/"},{"locale":"pt_BR","id":32226,"post_title":"An\u00e1lise de t\u00e9cnicas avan\u00e7adas de phishing e suas medidas de mitiga\u00e7\u00e3o","slug":"phishing-avancado","href":"https:\/\/blog.lacnic.net\/pt-br\/phishing-avancado\/"}],"_links":{"self":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/32219","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/comments?post=32219"}],"version-history":[{"count":13,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/32219\/revisions"}],"predecessor-version":[{"id":32263,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/32219\/revisions\/32263"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/media\/32214"}],"wp:attachment":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/media?parent=32219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/categories?post=32219"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/tags?post=32219"},{"taxonomy":"archivo","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/archivo?post=32219"},{"taxonomy":"taxonomy-authors","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/taxonomy-authors?post=32219"},{"taxonomy":"tipo_autor","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/tipo_autor?post=32219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}