Hackers have learned to hide their phishing pages from everyone except their targets. A new phishing technique called “precision-validated credential theft” appeared this week, letting hackers target specific accounts while avoiding security detection.
Security researchers from Cofense Intelligence first spotted this technique on April 9, 2025. It works by checking each entered email address against lists that the hackers already have. A visitor who types an email address not on the list sees an error message or is sent to a legitimate website like Wikipedia.
Cofense Intelligence found two main ways hackers check emails. Some phishing kits integrate legitimate email verification APIs. Others deploy JavaScript-based scripts that ping attacker servers to check if the email matches their pre-made list.
These attacks create big problems for security teams that normally study phishing by entering test credentials. When a phishing page rejects unrecognized email addresses, that approach becomes ineffective.
Even when security experts try using a real target’s email, many campaigns now send verification codes to that person’s inbox, blocking further investigation. This prevents security teams from accessing the actual phishing content.
Johannes Ullrich from the SANS Institute explained that old detection methods aren’t working against this approach. “This is very difficult to defend against,” he said. “The only real solution is to move away from traditional credentials to phishing-safe authentication methods like Passkeys.”
The technique also makes sharing threat information harder because not everyone can see the malicious content. URL scanning tools might fail to flag these pages as threats, since the pages look normal to most visitors.
Security experts suggest companies use behavior analysis and anomaly detection to catch these attacks before they reach users. David Shipley, head of Beauceron Security, stressed how important it is for employees to report suspicious emails, noting, “You can have a false sense of security if you’re running a large enterprise and say, ‘We stopped 950,000 phishing emails this month.’ But the 500 that got through could really sink the battleship.”
Marie Mamarii from Cofense called the ongoing security battle “a relentless game of cat and mouse” where defenders must constantly adjust to new tricks.
As attackers improve their methods, security teams must develop new ways to detect these more targeted attacks.