Manchester Evening News

Email users warned act 'immediately' over multiple computer prompts

Cybersecurity experts are tracking the latest developments in phishing and have flagged five little-known tactics that even experienced users often miss

Anyone who uses email for work or personal use has been warned about a phishing technique. It comes after the government's latest cyber security breaches survey revealed that more than four in ten businesses reported experiencing some kind of cyber security breach or attack in 2024/25.

It highlighted that among these incidents, phishing attacks were the most prevalent type, with 85% of attacks experienced by businesses being attributed to this. Phishing is a type of cyber attack in which an email or other illegitimate message is sent to a person or company by someone pretending to be another person or entity, in an attempt to steal passwords, banking information or other private information.


One technique in particular should be acted on 'immediately': receiving multiple multi-factor authentication (MFA) push notifications.


"The biggest risk today is overconfidence," warns Vlad Cristescu, Head of Cybersecurity at ZeroBounce. "No matter how experienced you are, if you stop questioning what lands in your inbox – or your calendar – you’re vulnerable. Awareness must evolve as fast as the threats do. Always verify the sender’s email address, ensure that any link you click matches the legitimate domain, and look out for subtle red flags like spelling errors or unusual formatting. These small checks can make the difference between staying secure and falling for a well-crafted scam."

ZeroBounce's cybersecurity experts highlighted five lesser-known strategies used by criminals that can often go unnoticed even by experienced users. Below are the essential threats and ways professionals can stay a step ahead.

Fake log-in requests

After acquiring log-in details, fraudsters send multiple multi-factor authentication (MFA) push notifications, then email posing as IT support, coaxing victims to 'just approve one' notification to cease the constant alerts.

"This is psychological warfare more than technical trickery. It's more about psychological warfare than technical trickery," explains Cristescu. "It exploits a user's frustration and trust in IT. If you're receiving multiple MFA prompts you didn't initiate, that's not a glitch – it's an attack.

"Pause, don't approve, and escalate it immediately."
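For defenders, the same pattern is visible in authentication logs as a run of rejected or ignored push prompts for one account inside a short window. The sketch below is an added example, not code from the article or from ZeroBounce; the event tuple layout, the result values (`denied`, `timeout`, `approved`) and the threshold and window defaults are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, push result).
# The layout and result names are assumptions, not a real provider's schema.
SAMPLE_EVENTS = [
    ("2025-05-01T09:00:05", "alice", "approved"),  # ordinary single login
    ("2025-05-01T22:14:00", "bob", "denied"),
    ("2025-05-01T22:14:40", "bob", "timeout"),
    ("2025-05-01T22:15:10", "bob", "denied"),
    ("2025-05-01T22:15:55", "bob", "timeout"),
    ("2025-05-01T22:16:30", "bob", "approved"),    # gives in after the burst
    ("2025-05-02T08:30:00", "carol", "timeout"),
    ("2025-05-02T13:00:00", "carol", "approved"),  # hours apart: not a burst
]

def find_push_bursts(events, threshold=4, window=timedelta(minutes=5)):
    """Flag users with `threshold` or more unanswered/denied push prompts
    inside `window`. An approval that follows such a burst is 'critical',
    because the session it created may belong to the attacker."""
    unanswered = defaultdict(deque)  # user -> times of recent unapproved prompts
    alerts = {}
    for ts, user, result in sorted(events):
        now = datetime.fromisoformat(ts)
        q = unanswered[user]
        while q and now - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result == "approved":
            if len(q) >= threshold:
                alerts[user] = {"unanswered": len(q), "severity": "critical",
                                "approved_at": ts}
            q.clear()  # an approval ends the current run of prompts
        else:
            q.append(now)
            if len(q) >= threshold:
                alerts[user] = {"unanswered": len(q), "severity": "high",
                                "approved_at": None}
    return alerts

if __name__ == "__main__":
    for user, alert in find_push_bursts(SAMPLE_EVENTS).items():
        print(user, alert)
```

A `critical` result is the case to escalate first: revoke the session that the approval created and reset the password, since the attacker already holds it.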

Rise of linkless phishing

Phishing emails now often contain no links or attachments – instead, they include short messages such as "Are you free for a quick call?" or "Can you help me with this task?" aimed at completely bypassing filtering systems and initiating real-time scams over the phone or through a response.


"People are trained to spot suspicious links, but attackers have adapted by removing them altogether," notes Vlad. "Once you reply, they exploit the situation by pretending to be a colleague or executive. Before responding, if anything seems amiss, double-check using a different communication method."

Dodgy HTML attachments

Some phishing emails now conceal their payloads within a simple HTML attachment that opens in your browser and imitates a login screen. These can be particularly deceptive as they resemble invoices, shared documents, or secure notifications.

"Users think, 'It's just an HTML file, what harm could it do?'", notes Vlad. "But one click can open a cloned login page that captures your credentials instantly.


"Companies should limit HTML attachments unless necessary, and users should treat unfamiliar HTML files the same way they'd treat a suspicious link - don't open it unless you're absolutely sure of the sender."
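A mail gateway can apply that advice mechanically by inspecting HTML attachments for a credential form before delivery. The following is an added example, not code from the article or from ZeroBounce: the function names, the quarantine heuristic (any password field in an attached HTML file) and the sample message are all constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class LoginFormFinder(HTMLParser):
    """Counts password inputs and collects the hosts that forms submit to."""
    def __init__(self):
        super().__init__()
        self.password_fields = 0
        self.form_hosts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
        elif tag == "form":
            host = urlparse(a.get("action") or "").hostname
            if host:  # absolute URL: typed credentials leave the local file
                self.form_hosts.append(host)

def triage_html_attachments(msg):
    """Heuristic triage: an attached HTML file that asks for a password is
    treated as a likely cloned login page and marked for quarantine."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not name.endswith((".htm", ".html")):
            continue
        finder = LoginFormFinder()
        finder.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        findings.append({"filename": name,
                         "password_fields": finder.password_fields,
                         "form_hosts": finder.form_hosts,
                         "quarantine": finder.password_fields > 0})
    return findings

def build_sample():
    """Constructed message: one HTML 'invoice' with a login form, one PDF."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["Subject"] = "Invoice 0001"
    msg.set_content("Please see the attached invoice.")
    page = ('<form action="https://login.example.invalid/collect" method="post">'
            '<input type="text" name="user"><input type="password" name="pw"></form>')
    msg.add_attachment(page, subtype="html", filename="invoice.html")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg
```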

Calendar invites

"Attackers are now sending meeting requests with malicious links embedded in the invite or 'join' button. These invitations sync directly into calendars and often go unquestioned.

"Calendar invites carry this built-in credibility – they're not usually scrutinised like emails," Cristescu explains. "But if you're getting meeting requests from unknown senders, or vague event titles like 'Sync' or 'Project Review,' treat those just like a phishing email.

"Disable auto-accept where possible and review every invite." Vlad warns that modern phishing is strategic and the more it appears like business as usual, the more perilous it becomes.
