--- title: "New Phishing Technique is Really Hard to Detect | DuoCircle" description: "The one thing you could always count on with a phishing page is that something would give it away as a phishing page." image: "https://www.duocircle.com/images/og-default.png" canonical: "https://www.duocircle.com/blog/phishing-protection/new-phishing-technique-is-really-hard-to-detect/" --- Quick Answer A phishing campaign reported by CPO Magazine overlays a fake login pop-up on top of the real corporate website. The victim clicks a link in a phishing email, lands on the legitimate company site, and sees a fake Outlook login overlay claiming the session timed out. The fake panel is pre-populated with the victim's email address for added trust, and clicking outside the overlay still interacts with the real page, so traditional fake-page indicators aren't there. Because the destination is a real site, user training and visual inspection don't reliably catch this. The only defense is to stop the link in the email from being clicked in the first place, which requires real-time link scanning at the email layer, such as DuoCircle Phishing Protection. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fphishing-protection%2Fnew-phishing-technique-is-really-hard-to-detect%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=New%20Phishing%20Technique%20is%20Really%20Hard%20to%20Detect&url=undefined%2Fblog%2Fphishing-protection%2Fnew-phishing-technique-is-really-hard-to-detect%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fphishing-protection%2Fnew-phishing-technique-is-really-hard-to-detect%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fphishing-protection%2Fnew-phishing-technique-is-really-hard-to-detect%2F&title=New%20Phishing%20Technique%20is%20Really%20Hard%20to%20Detect "Share on Reddit") [ ](mailto:?subject=New%20Phishing%20Technique%20is%20Really%20Hard%20to%20Detect&body=Check out this article: undefined%2Fblog%2Fphishing-protection%2Fnew-phishing-technique-is-really-hard-to-detect%2F "Share via Email") ![DuoCircle blog post image](https://media.mailhop.org/duocircle/images/2020/09/SMTP-email-2039.jpg) _The one thing you could always count on with a phishing page is that something would give it away as a phishing page_. After all, it’s not the real page, so there must be something different about it. Protecting yourself from a **phishing attack** simply came down to being able to identify the clue that gave away the web page as a **phishing page**. But what _if attackers could find a way to phish you with the legitimate page you actually intend to visit_? There wouldn’t be any clues giving it away as a fake page because it isn’t. That would be a problem, and unfortunately that problem has become reality. According to an [article](https://www.cpomagazine.com/cyber-security/attackers-load-targeted-companys-homepage-in-email-phishing-campaign/) on CPO Magazine, “_attackers conducted a successful **phishing campaign** against enterprise users by overlaying legitimate web pages with fake login pop-ups_. The phishing campaign _exploited Microsoft Outlook enterprise email quarantine policies to lure victims into disclosing their login details_.” Of course, _the phishing exploit starts with a **phishing link** in an email_. But, “by clicking the link, employees were redirected to a legitimate company website with an Outlook email login screen. The attackers, however, overlay the company’s web page with a fake login panel, which prompted the user to log in with their company account because their session had timed out. _The threat actor also conveniently populated the fake login panel with the user’s email address to gain more trust_. Additionally, the victim could also click outside the overlay and interact with the legitimate page.” _A legitimate website partially overlaid with a fake login panel._ Now, that’s going to be **hard to detect**. What’s the secret to protecting yourself from such a sophisticated attack? You must catch the scam before the bogus link in the email is clicked. That link in the email is the only clue that gives away the scam. _How do you detect that malicious link in the email before you click it?_ With [Phishing Protection](/email/phishing-protection) from DuoCircle. [![Phishing Protection](https://media.mailhop.org/duocircle/images/2020/09/hosted-email-server-2040.jpg)](https://media.mailhop.org/duocircle/images/2020/09/hosted-email-server-2040.jpg) **Phishing Protection** is _cloud-based email security with real-time link scanning technology_. Its primary job is to check out links in emails to see if there’s something phishy about them. If there is, they get quarantined and never make it into your inbox. And _if they never make it to your inbox, you can’t click on the link_, which means you’ll never see a hard-to-detect **phishing page**, so it can’t trick you. _Phishing Protection requires no hardware, no software and no maintenance_. It sets up in 10 minutes, works with all major email providers and costs only **pennies per user per month**. _The phishing pages are going to get harder to detect_, especially when they’re not actually phishing pages. The only chance you have is to keep from visiting those pages in the first place, and the best way to do that is with Phishing Protection. Try it **risk free for 30 days**. ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) Brad Slavin General Manager General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio. ## Secure your email infrastructure Protect, authenticate, and deliver. Contact our team to find the right solution. [Contact Sales](/contact/) [Explore Products](/products/) ## Related Articles [ Phishing 11m AI-Generated Phishing Has Eliminated the Typo: Why Traditional Email Filters Are No Longer Enough Apr 28, 2026 ](/blog/ai-generated-phishing-eliminates-typos-making-traditional-email-filters-ineffective/)[ Phishing 5m 10 Applications of ChatGPT that Hackers Are Already Exploiting May 3, 2023 ](/blog/phishing-protection/10-applications-of-chatgpt-that-hackers-are-already-exploiting/)[ Phishing 4m 65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks Mar 29, 2016 ](/blog/phishing-protection/65-global-businesses-ill-equipped-defend-email-based-cyber-attacks/)[ Phishing 9m 7 Ways to Protect Your Organization from Email-based Ransomware Attacks Feb 11, 2018 ](/blog/phishing-protection/7-ways-protect-organization-email-based-ransomware-attacks/) ```json {"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"New Phishing Technique is Really Hard to Detect","description":"The one thing you could always count on with a phishing page is that something would give it away as a phishing page.","url":"https://www.duocircle.com/blog/phishing-protection/new-phishing-technique-is-really-hard-to-detect/","datePublished":"2020-09-18T16:18:13.000Z","dateModified":"2025-04-21T16:05:49.000Z","dateCreated":"2020-09-18T16:18:13.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/new-phishing-technique-is-really-hard-to-detect/"},"articleSection":"phishing-protection","keywords":"","wordCount":478,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/09/SMTP-email-2039.jpg","caption":"DuoCircle blog post image","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Phishing"},{"@type":"ListItem","position":3,"name":"New Phishing Technique is Really Hard to Detect","item":"https://www.duocircle.com/blog/phishing-protection/new-phishing-technique-is-really-hard-to-detect/"}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Phishing","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"New Phishing Technique is Really Hard to Detect","item":"https://www.duocircle.com/blog/phishing-protection/new-phishing-technique-is-really-hard-to-detect/"}]} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"New Phishing Technique is Really Hard to Detect","description":"The one thing you could always count on with a phishing page is that something would give it away as a phishing page.","url":"https://www.duocircle.com/blog/phishing-protection/new-phishing-technique-is-really-hard-to-detect/","datePublished":"2020-09-18T16:18:13.000Z","dateModified":"2025-04-21T16:05:49.000Z","dateCreated":"2020-09-18T16:18:13.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/new-phishing-technique-is-really-hard-to-detect/"},"articleSection":"phishing-protection","keywords":"","wordCount":478,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/09/SMTP-email-2039.jpg","caption":"DuoCircle blog post image","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ```