Phishing in 2025: What your inbox misses
06 Nov 2025
Theatre 3: Sponsored by Acceler8
Phishing has changed. It now rides real threads, impersonates vendors, abuses OAuth prompts, and often arrives without a single obvious link. In this session we break down how these attacks bypass default filters, then match each tactic to defenses you can deploy fast. We will cover domain alignment basics that actually matter, mailbox rule audits that catch quiet persistence, safe payment verification flows, user prompts that reduce risky clicks, and a light triage framework that fits a small team. We will also show short, safe demos from test Gmail and Outlook tenants that illustrate thread hijacking, vendor impostor fraud, OAuth consent abuse, and linkless lures, along with the red flags to look for and the controls that stop them. The talk is vendor-neutral and practical. You will leave with a one-page checklist and examples you can reuse in training.