Keepnet Adds Phishing Data to 2026 Verizon Data Breach Investigation Report

Post Views: 7

Phone-Centric Phishing Attacks Outpace Awareness Measurement

The 2026 Verizon Data Breach Investigations Report (DBIR) has shed light on the increasing prevalence of phone-centric phishing attacks, which have outpaced traditional awareness measurements.

Rise of Phone-Centric Phishing Attacks

Phishing has evolved beyond email-based attacks, with attackers now combining voice, SMS, and social engineering tactics to create complex campaigns. These campaigns often involve a phone call followed by an SMS message, making it difficult for victims to discern reality from simulation.

According to the 2026 DBIR, phone-centric phishing simulations have shown a median click rate of 2%, significantly higher than the 1.4% rate seen in email-based simulations.

This trend indicates that phone-centric phishing attacks are becoming increasingly effective, and security measures must adapt accordingly.

Growing Concerns and Challenges

Attackers have shifted their focus from email to phone-centric phishing, taking advantage of the fact that most awareness programs are still geared towards detecting email-based threats. This shift has resulted in a significant gap between what is measured and what is being exploited, leaving security teams struggling to keep pace.

One of the main concerns is that most awareness programs are still focusing on email-based phishing simulations, leaving phone-centric phishing largely untested.

Consequences of Neglecting Phone-Centric Phishing Attacks

The consequences of neglecting phone-centric phishing attacks can be severe, as seen in the case of MGM Resorts, which suffered a $100 million loss due to a phone-centric phishing attack in September 2023.

Addressing Phone-Centric Phishing Attacks

Security teams face a challenging task in addressing phone-centric phishing attacks, as they require a different approach than traditional email-based phishing simulations. Verifying information in real-time becomes crucial, and repetition under realistic conditions is essential for building resilience.

Specialized Services for Addressing Phone-Centric Phishing Attacks

In response to this growing threat, some organizations are turning to specialized services like Keepnet, which offers voice and SMS phishing simulations to help businesses test their defenses and improve their awareness programs.

Conclusion

The 2026 DBIR highlights the need for security teams to prioritize phone-centric phishing awareness and develop strategies to address this emerging threat. By doing so, they can better protect themselves and their organizations from the increasing risks posed by phone-centric phishing attacks.