In a rapidly evolving cyber threat landscape, KnowBe4 has revealed alarming new insights in its latest Phishing Threat Trends Report Volume Seven. The report highlights a major transformation in phishing strategies, showing that cybercriminals are no longer relying solely on traditional email-based attacks. Instead, they are increasingly targeting multiple communication channels, including calendar invitations and workplace messaging platforms.
To begin with, the findings confirm that phishing tactics have grown more advanced and diversified. Attackers now exploit real-time collaboration tools, making it harder for organizations to detect and prevent threats. As businesses continue to adopt digital collaboration platforms, threat actors are leveraging these tools to expand their reach and effectiveness.
“The inbox is no longer the only front line for coordinated social engineering attacks,” said Jack Chapman, SVP of Threat Intelligence, KnowBe4. “Cybercriminals are actively broadening the email threat landscape. As businesses rely on tools for real-time collaboration, cybercriminals have added this to their attacks, along with targeting people’s calendars. This attack method targets people and technology together.”
Moreover, the report uncovers a significant increase in AI-powered phishing campaigns. Over the past six months, 86% of phishing attacks were driven by artificial intelligence, marking a substantial shift toward automation and precision targeting. This surge demonstrates how attackers are using AI to craft more convincing and personalized messages, thereby increasing the likelihood of success.
In addition, phishing attempts through calendar invitations have risen sharply by 49%, signaling a new and often overlooked entry point for cyberattacks. At the same time, attackers have intensified their use of reverse proxy techniques, which have surged by 139%, particularly to steal credentials from platforms like Microsoft 365. These techniques allow attackers to intercept login information in real time, making detection even more challenging.
Furthermore, attacks on collaboration tools such as Microsoft Teams have increased by 41%, reflecting a broader trend toward exploiting workplace communication systems. This shift underscores how attackers are moving beyond single-channel attacks and adopting multi-channel orchestration strategies to maximize their impact.
Another concerning trend highlighted in the report is the rise of targeted social engineering. For instance, internal team impersonation accounted for 30% of attacks observed in the first quarter of 2026. This method involves attackers posing as trusted colleagues, which significantly increases the chances of deceiving employees.
“Social engineering is becoming more targeted, making it more difficult to discern what is legitimate versus what is malicious,” said Chapman. “The Phishing Threat Trends Report volume seven finds that phishing in 2026 is disciplined, persistent, multi-channel and increasingly AI-enabled. As cybercriminals expand their attack channels and evolve their tactics, we must focus our protection efforts on securing humans and the AI agents they utilize.”
Overall, the report emphasizes that phishing threats are becoming more sophisticated, coordinated, and technology-driven. Consequently, organizations must adapt their cybersecurity strategies to address both human vulnerabilities and the growing role of AI in cyberattacks. Strengthening awareness, enhancing security frameworks, and adopting multi-layered defense mechanisms will be essential to combat these emerging threats effectively.
Source- Businesswire
Recommended Cyber Technology News:
- Atos Launches Integrated Digital Sovereignty Offering
- Milestone Boosts Security Ops With XProtect 2026 R1
- GigSafe CXT Integration Advances Data-Driven Compliance
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
