Why Email Isn't the Only Channel Anymore
Email security got better. So attackers moved channels. SMS, WhatsApp, voice calls, LinkedIn DMs, Microsoft Teams chats — all of these have weaker filtering and stronger trust signals than email. Most companies' security awareness programs are still email-shaped.
Vishing: Voice Phishing in 2026
The textbook vishing call from 2015 ("This is Microsoft support, your computer has a virus") still exists, but it's the bottom tier. The high-value version uses voice cloning:
- Three seconds of public audio (a webinar, a podcast snippet, a voicemail) is enough.
- Real-time cloning lets attackers hold full conversations in a victim's CEO's voice.
- Targets are usually finance staff, with urgency framing ("don't tell anyone, I'm in a meeting, just wire the funds").
Several documented 2024–2026 fraud cases involved 7-figure wire transfers triggered by deepfaked voice calls — sometimes combined with a deepfaked Zoom call to add visual confirmation.
Smishing & Messaging-App Attacks
SMS and messaging apps don't have spam filters anywhere as mature as email. The most common patterns:
- Package delivery scams — "Your shipment requires a customs payment."
- Bank-fraud spoofs — "Confirm transaction or your account will be locked."
- Job offer scams — "We saw your LinkedIn, here's a great role with a quick interview on Telegram."
- Workforce-targeted — "This is the new IT helpdesk, please confirm your password reset."