Phishing has always been one of the most common online scams, but new reports show attackers are finding more convincing ways to trick both individuals and businesses. Two recent examples highlight just how quickly the landscape is shifting:

• Microsoft 365 Abuse
  Security researchers found criminals misusing a feature called Direct Send to push emails that looked like they came from inside a company. These messages sometimes slipped through Microsoft’s checks and landed in junk folders, where many users still spotted and opened them. Because the emails appeared internal, they looked very authentic and were more likely to fool recipients into clicking harmful links.
• Gmail and Google Cloud Threats
  Another campaign has targeted Gmail users worldwide after attackers accessed data tied to Google systems. While passwords were not exposed, the leak provided enough contact information for criminals to launch convincing phishing attempts. Some users even reported receiving phone calls from impostors pretending to be Google staff, urging them to reset their passwords.

These cases show that phishing so much bigger than random spam. It carefully exploits the trust we place in familiar platforms and names.

What You Can Do to Protect Yourself

• Don’t rely on familiar names alone. Emails that appear to come from coworkers, vendors or even Google itself may be forged. Verify any unusual request through a separate, known channel before acting.
• Be cautious with password resets. No legitimate company will call you out of the blue to demand an immediate reset. If you get such a request, stop and log in directly to the service through its official website.
• Use multifactor authentication. Adding a second step—like a code texted to your phone or a hardware key—makes it far harder for criminals to take over your accounts.
• Run regular security checkups. Both Microsoft and Google offer tools that scan for weak spots in your accounts. Take advantage of these free features.
• Slow down. Most phishing succeeds because people feel rushed. A pause before clicking a link or downloading an attachment can make all the difference.
• Stay informed. Keep up with the latest in cybersecurity and fraud by reading the news, checking our Fraud and Security Center and subscribing to the Pinnacle Fraudcast.

Phishing attacks are growing more sophisticated, and they’re now blending into the very services people rely on every day. The good news is that awareness and good habits remain your best defense.

If you’re unsure about an email or account notice, always err on the side of caution. And if you do end up a victim, you are not alone. Your Pinnacle financial advisor can connect you with resources to safeguard your digital accounts and your financial information.