Security Superlatives: 2025’s Phishiest Attacks and Boldest Offenders

Explore 2025’s most sophisticated phishing attacks—from DKIM replay to OAuth abuse and vendor impersonation—and how Abnormal’s behavioral AI stops them.

Jaroslav Kalfar

December 9, 2025


Malicious email campaigns rarely aim for the spotlight, yet this year delivered a lineup that was impossible to ignore. From recycled lures to Oscar-worthy impersonations, 2025’s behaviorally manipulative phishing class truly outdid itself.

Among the countless threats Abnormal AI intercepted in 2025, a select few surfaced as especially deceptive—showcasing how adversaries continue to evolve and weaponize human behavior. And while we’re not in the business of celebrating attackers, a handful of campaigns were so audacious that they earned some unwelcome recognition.

So, for the first time ever, we’re distilling the year’s most brazen attempted inbox intruders into Abnormal’s Security Superlatives: The Phishiest Attacks and Boldest Offenders of 2025.

#1 Most Audacious Phish

DKIM replay + OAuth app-name abuse turns a Google alert into the lure

There’s “convincing,” and then there’s DKIM-signed convincing. In this campaign, threat actors exploited a basic property of DKIM: the signature covers the message headers and body, not the path the message travels, so a message forwarded byte-for-byte stays validly signed no matter who sends it. They replayed a legitimate Google security alert, unaltered, while the phishing lure (including the malicious URL) lived in the OAuth app name that Google itself printed into the alert. The result was a message that passed authentication and arrived looking impeccably real.

The flow was as audacious as it was simple:

  1. Register an OAuth app whose display name carries the lure, including the URL the victim is meant to click

  2. Grant that app access to an attacker-controlled Google account, which makes Google send a genuine, DKIM-signed security alert naming the app

  3. Forward that exact message through trusted infrastructure to the targets; because nothing in the signed headers or body changed, Google’s original DKIM signature still verifies


SPF, DKIM, and DMARC all passed in the early hops. Even though Microsoft later failed DKIM and DMARC on the final hop, ARC (Authenticated Received Chain) carried the earlier passing results forward, and some downstream systems still give those results weight. That is the catch with ARC: the ARC-Authentication-Results header is written by whichever relay handled the message, so it should only be allowed to override a local DMARC failure when the seal verifies and the sealer is a forwarder you actually trust. One click on “Check activity” led to a phishing page on Google Sites that mimicked a support portal, and from there to a pixel-perfect Google sign-in clone.
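The policy described above, as an added example that is not Abnormal’s code or the campaign’s: a receiving-side check that reads the authentication trail of a replayed message and refuses to let an ARC pass from an unknown sealer excuse a DMARC failure. The message, the hostnames and the trusted-sealer allowlist are all constructed for the example; signature and DNS verification are assumed to have already been done by the receiving MTA that wrote the final Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real captured message): a Google-signed alert forwarded
# unaltered through an attacker-controlled relay. The relay's ARC-Authentication-Results
# records the earlier passes; the final receiver's own Authentication-Results shows
# dmarc=fail because the relay is not an authorised sender for the From: domain.
REPLAYED_ALERT = """\
Return-Path: <bounce@relay.example.net>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=relay.example.net;
 dkim=fail header.d=accounts.google.com; dmarc=fail header.from=accounts.google.com;
 arc=pass
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=relay.example.net; s=arc; b=MIIB...
ARC-Message-Signature: i=1; a=rsa-sha256; d=relay.example.net; s=arc; b=MIIB...
ARC-Authentication-Results: i=1; relay.example.net; spf=pass smtp.mailfrom=accounts.google.com;
 dkim=pass header.d=accounts.google.com; dmarc=pass header.from=accounts.google.com
DKIM-Signature: v=1; a=rsa-sha256; d=accounts.google.com; s=20230601; b=MIIB...
From: Google <no-reply@accounts.google.com>
To: victim@corp.example
Subject: Security alert

Your Google Account was granted access to an app. Check activity.
"""

_METHOD = re.compile(r"^(?P<method>[a-z]+)=(?P<result>[a-z]+)(?P<props>.*)$")
_PROP = re.compile(r"([\w.]+)=([^\s;]+)")


def parse_auth_results(value):
    """Parse an Authentication-Results (or ARC-Authentication-Results) header value.

    Returns (authserv_id, {method: (result, {property: value})}). The ARC variant
    carries a leading 'i=N' instance tag, which is skipped.
    """
    segments = [s.strip() for s in value.replace("\n", " ").split(";") if s.strip()]
    if segments and segments[0].startswith("i="):
        segments.pop(0)
    authserv = segments.pop(0) if segments else ""
    methods = {}
    for seg in segments:
        m = _METHOD.match(seg)
        if m:
            methods[m["method"]] = (m["result"], dict(_PROP.findall(m["props"])))
    return authserv, methods


def evaluate(raw, trusted_arc_sealers=frozenset()):
    """Decide whether a DMARC failure may be excused by ARC, and surface replay indicators.

    trusted_arc_sealers: domains of forwarders whose ARC seals are allowed to
    override a local DMARC failure (an operator-maintained allowlist; assumption).
    """
    msg = message_from_string(raw)
    _, final = parse_auth_results(msg.get("Authentication-Results", ""))

    def result(method):
        return final.get(method, ("none", {}))[0]

    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    envelope_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    sealers = {dict(_PROP.findall(v)).get("d", "").lower() for v in msg.get_all("ARC-Seal", [])}

    # Earlier hops that claimed dmarc=pass. These headers are relay-written, so they
    # are used only as a divergence signal, never to grant trust on their own.
    earlier_pass = [
        authserv
        for authserv, methods in map(parse_auth_results, msg.get_all("ARC-Authentication-Results", []))
        if methods.get("dmarc", ("none", {}))[0] == "pass"
    ]

    findings = {
        "final_dmarc": result("dmarc"),
        # The receiving MTA validated the seal chain (arc=pass); we additionally require
        # that the sealer is one we trust before letting it override DMARC.
        "arc_override_allowed": result("arc") == "pass" and bool(sealers & set(trusted_arc_sealers)),
        # Replay fingerprint: the bounce address belongs to whoever re-sent the message.
        "envelope_from_mismatch": envelope_domain != from_domain,
        "dmarc_diverges_across_hops": result("dmarc") != "pass" and bool(earlier_pass),
    }
    findings["verdict"] = (
        "deliver" if findings["final_dmarc"] == "pass" or findings["arc_override_allowed"] else "quarantine"
    )
    return findings
```

Run against the constructed message, `evaluate(REPLAYED_ALERT)` quarantines: DMARC failed on the final hop, the sealer is unknown, and the envelope sender does not match the From domain. Passing `{"relay.example.net"}` as the trusted-sealer set flips the verdict to deliver, which is exactly the decision a mailing-list or forwarding allowlist should make explicitly rather than implicitly.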


The user reached a near-perfect replica of a Google sign-in page designed to steal credentials; the only indicator of fraudulent activity was the domain.

Why it won: It proved that “authenticated” doesn’t always mean “legitimate.” A real Google DKIM signature did the attackers’ work for them, delivering a phishing email wrapped in brand credibility.

Why it mattered: When the “real” signals can be turned against recipients, rule-based checks and brand reputation cease to be enough.

How it’s stopped: Abnormal’s behavioral AI isn’t lulled by the comfort of clean DKIM and focuses on sender identity, message intent, and deviations from normal communication patterns, flagging the oddities that signatures cannot bless.

#2 Best Performance in a Credential-Stealing Role

Flask-based Docusign kit with dynamic branding and verification challenges

Some campaigns arrive with the theatrical flair of a well-produced play. This one used Flask to stage a multi-act credential theft with verification codes, dynamic branding, and clean session control.

The lure impersonated Docusign; the site lived on a reputable cloud platform commonly used for business deployments; logos and styling were pulled on the fly via Kickfire; and known bots—including search engine crawlers and security scanners—were met with HTTP 403 errors at the door. Credentials exited the stage via SMTP through a compromised business account, giving the stolen data a valid, trusted delivery path.


It wasn’t novel tooling so much as industrialization: open-source framework, templated flows, rate limiting, and just enough polish to present a webmail portal that looked legitimate.
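The crawler gate and the probe a URL scanner should run against it, as an added example that is neither the kit’s code nor Abnormal’s: `kit_gate` emulates the front door described above (the blocked user-agent list and the treatment of an empty User-Agent are assumptions), and `detect_cloaking` is the defender-side check that fetches the same URL under several identities and reports when crawlers see something different from a browser. All strings are constructed.

```python
import hashlib
import re

# User-Agent fragments a gate of this kind typically refuses. Constructed list;
# a real kit blocks whatever its author chose to list.
BLOCKED_UA = re.compile(
    r"googlebot|bingbot|slurp|duckduckbot|baiduspider|yandexbot|"
    r"urlscan|virustotal|phishtank|python-requests|curl|wget|go-http-client",
    re.I,
)


def kit_gate(user_agent):
    """Emulation of the door described above: known bots (and, by assumption, empty
    User-Agents) get HTTP 403; everyone else gets the lure page. Returns (status, body)."""
    if not user_agent or BLOCKED_UA.search(user_agent):
        return 403, "Forbidden"
    return 200, "<html><form id='login'>Docusign - Sign in to view your document</form></html>"


# Identities the scanner probes with. Constructed strings, trimmed for the example.
PROBE_AGENTS = {
    "browser": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36",
    "googlebot": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "urlscan": "Mozilla/5.0 (compatible; urlscan.io)",
    "requests": "python-requests/2.31",
    "empty": "",
}


def fingerprint(status, body):
    """Compress a response into something comparable: status plus a body hash."""
    return status, hashlib.sha256(body.encode()).hexdigest()[:12]


def detect_cloaking(fetch):
    """Probe one URL under every identity in PROBE_AGENTS and compare the responses.

    fetch(user_agent) -> (status, body) is injected so the same check runs against
    a live site (wrap urllib/requests) or, as here, against an in-memory emulation.
    """
    seen = {name: fingerprint(*fetch(ua)) for name, ua in PROBE_AGENTS.items()}
    browser = seen["browser"]
    blocked = sorted(
        name for name, fp in seen.items()
        if name != "browser" and browser[0] == 200 and fp[0] in (403, 404)
    )
    differs = sorted(name for name, fp in seen.items() if name != "browser" and fp != browser)
    return {
        "cloaking": bool(blocked),
        "blocked_identities": blocked,
        "differing_identities": differs,
        "browser_status": browser[0],
    }
```

`detect_cloaking(kit_gate)` reports cloaking with four blocked identities, while an honest site that answers everyone identically (`detect_cloaking(lambda ua: (200, "ok"))`) reports none. The practical lesson for a scanner: a single fetch with a scanner’s own User-Agent returns a 403 and tells you nothing; the signal is in the difference between identities, and a thorough probe would also vary source IP space, since kits often gate on cloud-provider ranges as well.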


A Docusign email lured users to a login page designed to look secure, hosted on a reputable cloud platform commonly used for business deployments.

Why it won: A method act so convincing that it tricked humans and locked out the crawlers built to catch it.

Why it mattered: Commodity frameworks, trusted hosting, and smart evasion tactics form a combination most legacy detection tools weren’t built to catch.

How it’s stopped: Behavioral analysis identifies misalignment between brand, sender, and request. It also detects unusual link destinations and session patterns, prioritizing behavioral intent and anomalies over static indicators.

#3 The “Totally Legit Meeting” Award

Fake Teams invite leading to malicious OAuth consent and persistent access

Calendar invites enjoy a rare privilege in corporate life: near-zero skepticism. This campaign exploited that goodwill with Teams-branded reminders that passed SPF, DKIM, and DMARC. The bogus invites first redirected targets to a fake Microsoft login page hosted on a compromised Azure Web App and then funneled them to a genuine Microsoft OAuth consent page for an unverified app charmingly titled “Please Confirm Attendance – Meeting Request.” Granting consent handed the app OAuth tokens with persistent API access: the attacker never needs the password again, and MFA, already satisfied when the user signed in to Microsoft, is never challenged again.

The redirect chain started with a familiar Microsoft endpoint before landing on a compromised Azure Web App, reinforcing plausibility. Once consent was granted, attackers could read mailboxes, impersonate the user for lateral phishing, and exfiltrate data; the consent grant itself survives a password reset and stays in place until someone finds and revokes it.
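A triage pass over existing consent grants, as an added example that is not Abnormal’s code: given records shaped like Microsoft Graph’s `servicePrincipal` and `oauth2PermissionGrant` objects (the field names are Graph’s; every value below is constructed), score each delegated grant by publisher verification, lure-like display name, risky scopes and who consented, so the grant behind a “Please Confirm Attendance” app floats to the top. The scope list and the scoring weights are assumptions you would tune for your tenant.

```python
import re

# Delegated scopes that give an app durable access to mail and files. Assumption:
# tune this list to what your tenant considers sensitive.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All", "Contacts.Read", "offline_access",
}
# Words that belong in a lure, not in the name of a line-of-business app.
LURE_NAME = re.compile(r"confirm|attendance|meeting|invite|verify|secure|document|review", re.I)

# Constructed records (values made up, field names as Microsoft Graph returns them).
SERVICE_PRINCIPALS = [
    {"id": "sp-001", "appId": "0000-aaaa",
     "appDisplayName": "Please Confirm Attendance – Meeting Request",
     "publisherName": None,
     "verifiedPublisher": {"verifiedPublisherId": None, "displayName": None}},
    {"id": "sp-002", "appId": "0000-bbbb",
     "appDisplayName": "Contoso Expense Tool",
     "publisherName": "Contoso",
     "verifiedPublisher": {"verifiedPublisherId": "pub-123", "displayName": "Contoso"}},
]
GRANTS = [
    {"id": "g-1", "clientId": "sp-001", "consentType": "Principal", "principalId": "user-42",
     "resourceId": "graph-sp", "scope": "User.Read Mail.Read offline_access"},
    {"id": "g-2", "clientId": "sp-002", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "graph-sp", "scope": "User.Read"},
]


def triage_grants(service_principals, grants):
    """Score every delegated permission grant; returns findings sorted worst-first."""
    sps = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        sp = sps.get(g["clientId"])
        if sp is None:
            continue  # grant for a principal we were not given; skip rather than guess
        scopes = set(g["scope"].split())
        reasons = []
        if not (sp.get("verifiedPublisher") or {}).get("verifiedPublisherId"):
            reasons.append("unverified publisher")
        if LURE_NAME.search(sp.get("appDisplayName") or ""):
            reasons.append("lure-like display name")
        risky = sorted(scopes & HIGH_RISK_SCOPES)
        if risky:
            reasons.append("high-risk scopes: " + " ".join(risky))
        if g["consentType"] == "Principal":
            reasons.append("user-consented, not admin-reviewed")
        # offline_access on an unverified app means a refresh token in unknown hands;
        # weight it extra (assumption).
        score = len(reasons) + (2 if "offline_access" in scopes and "unverified publisher" in reasons else 0)
        findings.append({
            "grant_id": g["id"],
            "app": sp["appDisplayName"],
            "principal": g.get("principalId"),
            "score": score,
            "reasons": reasons,
            # Revoking the grant removes the consent; revoking sessions invalidates tokens.
            "revoke_with": f"DELETE https://graph.microsoft.com/v1.0/oauth2PermissionGrants/{g['id']}",
        })
    return sorted(findings, key=lambda f: f["score"], reverse=True)
```

In a live tenant the two inputs come from `GET /servicePrincipals` and `GET /oauth2PermissionGrants`; after deleting the grant, also call `POST /users/{id}/revokeSignInSessions` for the affected principal, because removing consent alone does not recall tokens the app already holds.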


The spoofed meeting reminder passed SPF, DKIM, and DMARC validation, bypassing common email security filters and reaching corporate inboxes.

Why it won: It’s hard to believe, but sometimes the most nightmarish work meeting is the one that was never real.

Why it mattered: OAuth abuse operates inside trusted identity flows where most email security stops. The consent screen isn’t a login page; it’s an authorization gateway.

How it’s stopped: Abnormal correlates invite context, sender reputation, redirect behavior, and consent patterns, and—critically—remediates malicious calendar artifacts left behind when the message is gone.

#4 Slickest Vendor Impersonation

Law-firm invoice fraud with a fabricated email chain and Canva-built collateral

This was social engineering with the confidence of a closing argument. Attackers impersonated a global law firm and a company executive, stitched a credible back-and-forth thread, and attached an overdue invoice, professionally styled right down to the Canva provenance.

The domain was a lookalike registered days before, the origins were geographically off, and the reply-to didn’t quite match. But the story told by the attackers exploited the timeliness and sensitivity of the request. After all, what company wants to be late in processing legal invoices?

The sleight of hand lay in procedural plausibility: correct names, credible approvals, and a thread long enough to discourage scrutiny. It’s hard to argue with paperwork that appears to have already been argued about.
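The signals listed above turned into a payment-hold check, as an added example that is not Abnormal’s code: a lookalike match against the vendors you actually pay (with common visual substitutions folded first), domain age, reply-to mismatch, and an executive’s name on an external address. The vendor, executive, domains and registration dates are all constructed; `DOMAIN_CREATED` stands in for an RDAP or WHOIS lookup you would make in production.

```python
from datetime import date

# Constructed reference data: the vendors finance actually pays, the executives whose
# names get borrowed, the organisation's own domains, and a stand-in for RDAP/WHOIS.
KNOWN_VENDOR_DOMAINS = {"harlow-mercer.example"}
EXECUTIVES = {"dana whitfield"}
OWN_DOMAINS = {"corp.example"}
DOMAIN_CREATED = {
    "harlow-mercer.example": date(2009, 3, 14),
    "harlow-rnercer.example": date(2025, 11, 28),   # registered days before the message
}
# Substitutions that survive a quick glance: rn for m, vv for w, digits for letters.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]
NEW_DOMAIN_DAYS = 30   # assumption: anything younger than this is treated as new


def normalize(domain):
    """Fold visual substitutions so 'harlow-rnercer' compares equal to 'harlow-mercer'."""
    d = domain.lower()
    for lookalike, real in HOMOGLYPHS:
        d = d.replace(lookalike, real)
    return d


def levenshtein(a, b):
    """Plain edit distance; small enough here that no library is needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_invoice_email(from_name, from_addr, reply_to, received_on):
    """Return the reasons to hold a vendor payment request, and whether to hold it."""
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_to.rpartition("@")[2].lower() if reply_to else from_domain
    reasons = []

    closest = min(KNOWN_VENDOR_DOMAINS, key=lambda v: levenshtein(normalize(v), normalize(from_domain)))
    dist = levenshtein(normalize(closest), normalize(from_domain))
    if from_domain not in KNOWN_VENDOR_DOMAINS and dist <= 2:
        reasons.append(f"lookalike of known vendor {closest} (distance {dist} after normalisation)")

    created = DOMAIN_CREATED.get(from_domain)
    if created is not None and (received_on - created).days < NEW_DOMAIN_DAYS:
        reasons.append(f"domain registered {(received_on - created).days} days before the message")

    if reply_domain != from_domain:
        reasons.append(f"reply-to domain {reply_domain} differs from sending domain {from_domain}")

    if from_name.strip().lower() in EXECUTIVES and from_domain not in OWN_DOMAINS:
        reasons.append("display name matches an executive but the address is external")

    # Two independent signals are enough to route the invoice to a human (assumption).
    return {"hold_payment": len(reasons) >= 2, "reasons": reasons}
```

For the constructed lookalike sender, all four signals fire and the payment is held; the genuine vendor address with its old registration date and matching reply-to produces no reasons at all. The normalisation step is what makes the lookalike obvious to code when it is invisible to a tired accounts-payable clerk.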


The level of sophistication in the email thread helped sell the urgency of a phony “unpaid” invoice.

Why it won: Not for subtlety, but for sheer narrative force. When the story is coherent and the details are right, employees are less likely to scrutinize vendor communications.

Why it mattered: Payments happen at the intersection of urgency and authority, precisely where vendor impersonation thrives.

How it’s stopped: Behavioral AI detects the abnormalities beyond the neat narrative: new domains claiming old relationships, language and workflow that don’t match prior exchanges, and vendor behaviors that diverge from the baseline.

One Last Envelope

What links these attacks isn’t new code but old-fashioned exploitation of human behavior. Authentication, brand reputation, calendar norms, and familiar vendors all became conduits for deception, turning everyday trust signals into attack surfaces. Static defenses and reputation-based filters struggle to keep up because they rely on the same signals attackers have learned to imitate.

Abnormal’s behavioral AI models every identity and relationship across the organization—mapping communication patterns, content norms, and contextual signals—to flag anomalies that expose intent, no matter how legitimate they appear.

With a growing operational burden placed on security teams, leaders need clarity, prioritization, and confidence that their defenses can handle new attacks at scale. That’s the gap Abnormal fills. By transforming complex behavioral patterns into actionable insight, we help teams cut through noise, focus on what truly matters, and stay ahead of threats that increasingly blend into everyday business.

Abnormal turns behavioral insight into clear, actionable protection against today’s most sophisticated email attacks. To see the impact on your organization, schedule a personalized demo.
