• Cyber Safety
  • Posts
  • “Invisible Phishing”: HEAT, Redirect Chains & Form Harvesting

“Invisible Phishing”: HEAT, Redirect Chains & Form Harvesting

October 17, 2025

In partnership with

Read newsletters, not spam

Tired of newsletters vanishing into Gmail’s promotion tab — or worse, being buried under ad spam?

Proton Mail keeps your subscriptions organized without tracking or filtering tricks. No hidden tabs. No data profiling. Just the content you signed up for, delivered where you can actually read it.

Built for privacy and clarity, Proton Mail is a better inbox for newsletter lovers and information seekers alike.

HEAT Attacks Are Bypassing Traditional Email Security

Highly Evasive Adaptive Threats (HEAT) deliver phishing via legitimate cloud services or sandbox-detecting malware — bypassing Secure Email Gateways (SEGs) and link filters.

Redirect Chains Hide Malicious Destinations

Phishing kits use layered redirection through trusted domains (e.g., AWS, Google, Medium) to hide the final payload — preventing detection until user interaction.

Zero-Malware Payloads Are the New Normal

Instead of attachments, attackers use HTML forms, fake login pages, or webhook triggers — avoiding traditional virus scans and sandboxing entirely.

Find out why 100K+ engineers read The Code twice a week.

That engineer who always knows what's next? This is their secret.

Here's how you can get ahead too:

  • Sign up for The Code - tech newsletter read by 100K+ engineers

  • Get latest tech news, top research papers & resources

  • Become 10X more valuable

Conditional Payloads Target Specific Roles

Phishing pages adjust based on who clicks: a finance role gets an invoice prompt; HR sees a resume download. This dynamic targeting increases believability.

Credential Harvesting Through Embedded iFrames

Users never leave the browser tab — credential forms appear inside embedded content, making phishing undetectable without deep HTML inspection.

Reputation-Based Filtering Is Losing Effectiveness

Link scanners relying on domain reputation alone are being fooled by temporary hosting, redirect abuse, and time-based activation — needing behavior-based scoring.

Daily News for Curious Minds

Be the smartest person in the room by reading 1440! Dive into 1440, where 4 million Americans find their daily, fact-based news fix. We navigate through 100+ sources to deliver a comprehensive roundup from every corner of the internet – politics, global events, business, and culture, all in a quick, 5-minute newsletter. It's completely free and devoid of bias or political influence, ensuring you get the facts straight. Subscribe to 1440 today.