KnowBe4 Unveils Groundbreaking Phishing Threat Trends in New Research
KnowBe4, a prominent provider in digital workforce security, has released its latest research document, the Phishing Threat Trends Report Volume Seven. This report highlights a transformational shift in the tactics employed by cybercriminals conducting phishing attacks. Notably, these attacks are moving beyond traditional email channels to include various other communication platforms, such as calendar invitations and popular messaging applications.
Jack Chapman, the Senior Vice President of Threat Intelligence at KnowBe4, emphasizes this shift in his statement, noting, “The inbox is no longer the only front line for coordinated social engineering attacks.” This statement underscores a crucial development in cybersecurity, suggesting that as organizations increasingly utilize real-time collaboration tools, cybercriminals have adapted their strategies to exploit these platforms, thereby expanding the digital threat landscape. Furthermore, Chapman’s observations indicate that these new tactics are not only targeting technology but also the individuals utilizing them, presenting a multifaceted challenge for organizations striving to maintain cybersecurity.
According to the report, the last six months have witnessed significant trends in phishing attacks. Here are some of the salient findings:
- A staggering 86% of phishing attacks are now driven by artificial intelligence (AI).
- There has been a 49% increase in phishing attempts leveraging calendar invitations as a means of deception.
- The use of Reverse Proxies to hijack Microsoft 365 credentials has surged by 139%.
- Attacks targeting Microsoft Teams have escalated by 41%.
- There is a notable shift from single-vector attacks toward multi-channel orchestration, making it increasingly complex for organizations to defend against these threats.
- The report also identifies a more targeted form of social engineering, illustrated by instances of internal team impersonation, which was documented in 30% of attacks by threat actors during the first quarter of 2026.
Chapman highlights the growing sophistication of social engineering tactics, stating, “Social engineering is becoming more targeted, making it more difficult to discern what is legitimate versus what is malicious.” This perspective sheds light on the evolving nature of phishing threats as they become increasingly complex and nuanced.
The findings indicate a disciplined and persistent approach from cybercriminals, who are leveraging AI capabilities to enhance their phishing strategies. This has led to an expansion in both the channels used for phishing attempts and the tactics employed, warranting heightened awareness and vigilance from individuals and organizations alike. As these threats evolve, Chapman advocates for a dual approach to cybersecurity training that encompasses both human security practices and the security of AI agents that organizations increasingly incorporate into their workflows.
Organizations are urged to adopt a proactive stance in protecting themselves against these multifaceted threats. By focusing on cybersecurity training initiatives and enhancing the security measures surrounding collaborative tools, businesses can better equip their workforce to recognize and respond to phishing attempts.
The report, available for download, provides deeper insights into the trends shaping the landscape of phishing in 2026. It reflects KnowBe4’s commitment to helping organizations understand and combat the looming threats posed by cybercriminals.
The new report aligns with previous initiatives from KnowBe4, including the recent launch of an AI agent designed to personalize security awareness assessments. As the digital landscape continues to evolve, the importance of comprehensive cybersecurity approaches becomes increasingly apparent.
For those interested in enhancing their understanding of the current phishing threat landscape, the 2026 KnowBe4 Phishing Threat Trends Report Volume Seven is available for download here. The urgency of addressing these threats cannot be overstated, as organizations must continuously adapt their strategies to safeguard against the ever-evolving tactics employed by cybercriminals.
The findings from KnowBe4 underscore a pressing need for vigilance in cybersecurity practices and highlight the importance of staying informed about emerging threats.