Go With the Flow: Abusing OAuth Device Code Flow

In early 2026, phishing attacks are still among the top contributors to true positive detections in security operations centers (SOCs). Adversaries constantly come up with new ways of luring users into traps, concealing their actual intent and stacking anti-detection features. LevelBlue’s Global Threat Operations (GTO) team continuously tracks those behaviors and analyzes how the attacks evolve over months. One of the most recent investigations led to the identification of a previously unseen, niche attack vector that can lead to user account compromise.
