---
title: "Phishing Attacks Now Coming in Stages | Phish Protection"
description: "Phishing Attacks Now Coming in Stages: It never ceases to amaze how clever hackers are or how far they"
image: "https://phishprotection.com/og/blog/phishing-attacks-now-coming-in-stages.png"
canonical: "https://phishprotection.com/blog/phishing-attacks-now-coming-in-stages/"
---

Quick Answer

It never ceases to amaze how clever hackers are or how far they'll go to phish someone. \_Whenever they find a flaw in their attack methodology, eventually, they figure out a way to overcome it\_.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-now-coming-in-stages%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Phishing%20Attacks%20Now%20Coming%20in%20Stages&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-now-coming-in-stages%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-now-coming-in-stages%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-now-coming-in-stages%2F&title=Phishing%20Attacks%20Now%20Coming%20in%20Stages "Share on Reddit") [ ](mailto:?subject=Phishing%20Attacks%20Now%20Coming%20in%20Stages&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-now-coming-in-stages%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/09/phishing-prevention-software-7652.jpg) 

It never ceases to amaze how clever hackers are or how far they’ll go to phish someone. _Whenever they find a flaw in their attack methodology, eventually, they figure out a way to overcome it_.

Normally, a phishing attack will try and lure victims to a website to steal their credentials. The phishing website is typically a single, static webpage. In other words, everyone who ends up on that page sees the same page. The problem for hackers is that once this one webpage is identified as a phishing page, word gets out and that site gets blocked by **anti-phishing technology** pretty quickly.

Now, one of the newest campaigns, called _Heatstroke_, has figured out a way around that with a **multistage phishing attack**. _Heatstroke invokes two clever techniques to bypass [anti-phishing solution](/)_. First, it doesn’t send victims to the phishing website right away. It sends them to a legitimate one initially and then redirects them to the phishing site after that. Second, and this is where things get really clever, the first site they send victims to varies for different users. That’s clever!

Heatstroke uses a three-stage approach, according to the[ research](https://blog.trendmicro.com/trendlabs-security-intelligence/heatstroke-campaign-uses-multistage-phishing-attack-to-steal-paypal-and-credit-card-information/) done by Trend Micro. “The attacker sends a phishing email asking the user to verify his account. The email is sent from a legitimate domain to avoid being blocked by **spam filters**. The user is redirected to a first-stage website, which varies. The first-stage website redirects the user to a second-stage site. This stage is for validation. Once all the checks are done, the user is diverted to a third-stage website, which is the **actual phishing site**.”

![Phishing prevention software](https://media.mailhop.org/phishprotection/images/2019/09/phishing-prevention-software-7652.jpg) 

Companies targeted by **Heatstroke** so far include Amazon and [Paypal](https://cyware.com/news/newly-discovered-heatstroke-phishing-campaign-targets-victims-to-steal-paypal-credentials-and-credit-card-information-51fe4dcc). _The scary thing is that this exploit is available online as a phishing kit_. So, you can expect other companies to be targeted in the future.

So, what should you do to defend yourself from these new, multistage phishing attacks? First, you should get awareness training which can make you aware of the newest exploits like Heatstroke. Next, you should still deploy **anti-phishing technology** like[ Phish Protection](/) with [Advanced Threat Defense](/products/advanced-threat-defense/), which will protect you from most of the advanced phishing attacks.

Finally, _you should learn to recognize the telltale signs of being phished_. For instance, if you find yourself having to log in twice, anywhere, that’s a clue that you just got phished.

_Attackers never stop evolving, which means you need to be vigilant about protecting yourself_. Get [phishing protection](/content/phishing-prevention/) services. Stay alert, stay up today and stay safe.

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing Attacks Now Coming in Stages","description":"Phishing Attacks Now Coming in Stages: It never ceases to amaze how clever hackers are or how far they'll go to phish someone. Whenever they find a flaw in.","url":"https://phishprotection.com/blog/phishing-attacks-now-coming-in-stages/","datePublished":"2019-09-06T07:46:23.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-09-06T07:46:23.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/phishing-attacks-now-coming-in-stages/"},"articleSection":"foundational","keywords":"Phishing","wordCount":425,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/09/phishing-prevention-software-7652.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Phishing Attacks Now Coming in Stages","item":"https://phishprotection.com/blog/phishing-attacks-now-coming-in-stages/"}]}
```