Why phishing still works today

In this Help Net Security video, Gal Livschitz, Senior Penetration Tester at Terra Security, explains how phishing has evolved and why employees still fall for it.

He outlines how phishing now uses HTTPS, branded pages, and lookalike domains, making attacks harder to spot. He highlights communication overload as a key weakness that attackers exploit.

Livschitz reviews QR phishing, where codes inside PDFs bypass link scanning tools. He explains how attackers use redirects and short lived links to avoid detection. He advises including QR scenarios in training and strengthening mobile protection.

He then discusses MFA fatigue attacks, where repeated push requests pressure users into approval. He recommends number matching, location context, and push rate monitoring.

Finally, he covers AI generated phishing and voice cloning, which allow attackers to create convincing messages and calls using public data.

Webinar: The True State of Security 2026