Royal Mail phish deploys evasion tricks to avoid analysis
When you click the link to visit the fake Royal Mail page, there’s a fair bit of code for detecting potential VM use. It tests for WebGL renders and whether site visitors have a display or not.