There was a time not long ago when victims of phishing attacks were considered stupid. But now that the general population is becoming more aware of the phishing problem, the “pool of stupidity” is shrinking. Easy prey is becoming more difficult to find, so phishing is evolving to new levels of sophistication. Attacks using OAuth, Data URI, PDF credential phish, and PunyCode are now so difficult to detect, even security administrators themselves are falling victim.