Phishing Threat Trends Report evaluates attacks from more than 3,000 unique threat actors
KnowBe4, the global leader in digital workforce security, securing both AI agents and humans, today announced new research, Phishing Threat Trends Report Volume Seven. The report finds a seismic shift in the attack vectors utilized to conduct phishing attacks, including touchpoints outside of traditional email communication such as calendar invitations and messaging tools.
“The inbox is no longer the only front line for coordinated social engineering attacks,” said Jack Chapman, SVP of Threat Intelligence, KnowBe4. “Cybercriminals are actively broadening the email threat landscape. As businesses rely on tools for real-time collaboration, cybercriminals have added this to their attacks, along with targeting people’s calendars. This attack method targets people and technology together.”
Key findings from the report include the following revelations from the last six months:
- 86% of phishing attacks were AI driven
- 49% increase in calendar invite phishing
- 139% surge in the use of Reverse Proxies as a tool to steal Microsoft 365 credentials
- 41% escalation in Microsoft Teams attacks
- A new trend shifting from single-vector attacks to multi-channel orchestration
- More targeted social engineering was discovered, exemplified by internal team impersonation which was seen in 30% of attacks from threat actors in Q1 2026
“Social engineering is becoming more targeted, making it more difficult to discern what is legitimate versus what is malicious,” said Chapman. “The Phishing Threat Trends Report volume seven finds that phishing in 2026 is disciplined, persistent, multi-channel and increasingly AI-enabled. As cybercriminals expand their attack channels and evolve their tactics, we must focus our protection efforts on securing humans and the AI agents they utilize.”
Download the 2026 KnowBe4 Phishing Threat Trends Report Volume Seven.