Phishing trends 2026 annual report

Phishing Trends 2026: What Changed This Year and What It Means

Each year compresses what used to be multi-year shifts in the phishing threat landscape into a few quarters of practical change. 2026 was no different. The seven trends below are the ones that materially changed how security teams should run phishing simulation programs and identity-layer defenses going into the back half of the year.

Each section links to a deeper read on this site; taken together, this post is the index for the threat-education cluster.

1. AiTM phishing went fully commodity

Adversary-in-the-Middle reverse-proxy phishing - the pattern that bypasses standard MFA by relaying the victim's credentials and MFA challenge through a proxy site to the real service in real time - moved from elite threat-actor capability into commodity tooling. Open-source frameworks (Evilginx, Caffeine and successors) made the attack accessible to anyone who can stand up a domain. Phishing kits sold in criminal marketplaces include AiTM by default.

The defensive answer hasn't kept pace. Phishing-resistant MFA (FIDO2 hardware keys, platform passkeys, WebAuthn) defeats AiTM cryptographically - but rollout has been uneven, with most organizations still on TOTP authenticators or SMS for the bulk of users. The MFA bypass piece covers the full pattern; the 2026 update is that the gap between attacker capability and defender adoption widened, not narrowed.
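Why WebAuthn defeats a relay proxy where TOTP does not comes down to two server-side checks the proxy cannot satisfy. The following is an added illustration, not code from the original post or from any product it mentions: the relying-party id, origin and the assertion layout are constructed stand-ins, and signature verification (which covers both fields and prevents rewriting them) is assumed to happen separately.

```python
import base64
import hashlib
import json
import os

# Constructed relying-party values for the example (not from the original post).
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_assertion(origin: str, rp_id: str, challenge: bytes) -> dict:
    """Constructed stand-in for what a browser and authenticator return.
    The browser fills `origin` from the page the user is really on, and the
    authenticator hashes the RP ID it was really asked for; a relay proxy on
    another domain cannot make either one say the genuine site."""
    client_data = {"type": "webauthn.get", "challenge": b64url_encode(challenge), "origin": origin}
    # rpIdHash (32 bytes) + flags (UP|UV) + 4-byte signature counter.
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + (0).to_bytes(4, "big")
    return {"clientDataJSON": b64url_encode(json.dumps(client_data).encode()),
            "authenticatorData": auth_data}


def verify_binding(assertion: dict, expected_challenge: bytes) -> tuple[bool, str]:
    """Server-side checks that make the ceremony phishing-resistant; the
    signature over authenticatorData || sha256(clientDataJSON) is assumed verified."""
    client_data = json.loads(b64url_decode(assertion["clientDataJSON"]))
    if client_data.get("type") != "webauthn.get":
        return False, "unexpected ceremony type"
    if b64url_decode(client_data.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch (replayed or unrelated assertion)"
    if client_data.get("origin") != EXPECTED_ORIGIN:
        return False, f"origin mismatch: {client_data.get('origin')}"
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch: credential scoped to a different RP"
    return True, "ok"


def demo() -> tuple:
    challenge = os.urandom(32)
    genuine = make_assertion(EXPECTED_ORIGIN, RP_ID, challenge)
    # Constructed lookalike domain standing in for a reverse-proxy site relaying the same challenge.
    proxied = make_assertion("https://login-example.test", "login-example.test", challenge)
    return verify_binding(genuine, challenge), verify_binding(proxied, challenge)
```

A TOTP code relayed the same way carries no origin at all, which is the gap the proxy exploits; here the relayed assertion is rejected before any signature check is reached.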

2. AI-generated lures retired the "check for typos" heuristic

The grammar-and-spelling tells that distinguished bad phishing emails from real correspondence are gone. LLM-generated lures read as fluent native text in any language attackers care about. The cost to produce a per-target customized lure dropped to near-zero.

The training-program implication: stop teaching "look for typos" as a phishing-recognition heuristic. It worked in 2018; it doesn't work in 2026. Teach context-checking instead: does the request match what this sender would actually ask, does the URL match what's expected, does the timing make sense. The AI-phishing piece goes deeper.

3. Collaboration-tool phishing crossed the threshold to mainstream

Microsoft Teams external chat phishing, Slack Connect abuse and malicious bot/app installations all crossed from "edge case in incident reports" to "regular feature of incident reports." Most security programs have hardened email for two decades and collaboration tools for zero days; that gap is the work of the next 24-36 months.

The 2026 implication for simulation programs: include Slack/Teams notification-email lures in the rotation at minimum. Mature programs are integrating directly with the platforms via API to send in-product simulations. The collaboration-tool piece covers the five attack patterns and the admin-policy quick wins.

4. Ransomware dwell-time compressed under 24 hours

What used to be days of post-compromise dwell time before ransomware encryption is now often hours. Ransomware-as-a-service automates stages 2-4 of the attack chain. Median dwell time in published incident-response reports (Sophos, Mandiant, CrowdStrike) for several active ransomware families is now under 24 hours.

The defense-strategy implication is fundamental. The 2018 assumption that the SOC had time to detect and contain lateral movement before encryption no longer holds for most organizations. Prevention has to land at the click stage; post-click damage has to be bounded by segmentation, immutable backups and identity-layer Conditional Access. The ransomware-phishing piece walks through the full chain.

5. Cyber insurance underwriting tightened the phishing-program questions

Cyber insurance carriers in 2026 ask more detailed questions about phishing simulation programs than they did even a year prior. Continuous cadence (monthly, not quarterly) is increasingly the floor for favorable terms. Phishing-resistant MFA on privileged accounts is a separate line item. Multi-channel coverage (SMS + voice in addition to email) is asked about by name on several carriers' applications.

The renewal conversation has bifurcated: programs that meet the new standard get measurable premium reductions; programs that don't get materially worse terms or non-renewal. The cyber-insurer renewal walkthrough covers the nine-question shape of the modern application.

6. Voice cloning made vishing genuinely scary

Deepfake voice cloning crossed from research-paper curiosity into operational attacker capability around 2023-2024 and matured through 2025-2026. Cloning a CFO's voice from a few minutes of public earnings-call audio is now within reach of mid-tier attackers. The business email compromise (BEC) attack pattern that used to be email-only has a voice variant that's significantly more convincing.

The simulation-program implication: voice-channel phishing simulations are no longer a nice-to-have for any organization with executives whose voices appear on public recordings. Callback-verification protocols and code-words for inbound IT or executive calls are now real controls, not theatrical ones. The deepfake vishing piece walks through defense.

7. Quishing (QR code phishing) earned its own enforcement attention

QR code phishing - the malicious URL hidden inside an image-encoded QR - bypasses email URL scanning and showed enough volume in 2025 that several government cybersecurity agencies issued specific advisories. Attackers print QR codes on stickers and slap them over legitimate parking-meter QRs in major cities; less obviously they embed quishing QRs in PDFs and document attachments where most security tooling doesn't follow.

The training-program implication: include QR-code-format lures in the simulation rotation. The lure looks visually different from a typical phishing email - it teaches a different recognition heuristic. The quishing piece covers the attack pattern.

What did NOT change in 2026

Three things stayed remarkably stable, and security programs that focus on these don't get blindsided by the trend changes above:

  • Lure categories. Microsoft 365 password expiry, fake DocuSign, fake invoice, fake delivery notification, IT helpdesk impersonation - these remained the volume leaders. Better grammar, faster proxies, but the same five lure shapes.
  • User psychology. Urgency, authority, fear of consequence remain the social-engineering levers. The lure presentation evolves; the human levers don't.
  • Email is still the dominant delivery channel. SMS and collaboration tools grew; email did not shrink. The threat surface diversified, but it did not replace email. Security programs that "decided to focus on the new channels and de-prioritize email" got burned.

What this means for the security-awareness program in 2026

The practical changes a phishing-simulation program should make this year:

  • Cadence: if you're still on quarterly, move to monthly. Mature programs run weekly for highest-risk cohorts (finance, IT admins, executives).
  • Channel mix: add SMS, voice and collaboration-tool simulations to email-only programs. Auto-assigned remediation on click in any channel.
  • Difficulty distribution: retire the easy tier or use it sparingly. Modern lures don't have typos. Run mostly regular and hard tiers.
  • Phishing-resistant MFA rollout: if it's not started, start with admins and executives. Track the rollout in executive program metrics.
  • Reporting that maps to the threats: click rate per attack category (sign-in clone vs consent prompt vs AiTM-styled), not aggregate. Boards in 2026 ask specifically about M365 attack-pattern click rates.

Where Bait & Phish fits

Bait & Phish ships with templates that mirror the 2026 threat landscape: AiTM-styled M365 sign-in clones, OAuth consent prompts, Teams external-chat lures, QR code phishing variants and AI-grammar-quality lures across the difficulty tiers. Multi-channel coverage means email + SMS + voice simulations from the same program. Auto-assigned remediation training fires the moment a user clicks. Start a free trial up to 25 users to run a 2026-aligned campaign in your environment, or contact us if you want to walk through how the simulation library maps to current threat trends.

This post is informational. Specific defense-architecture and identity-rollout decisions are organization-specific - consult your security and IAM teams for tailored guidance.