
Contents
TL;DR — Phishing in 2026 is bigger, faster, and much harder to catch. The APWG recorded 971,181 phishing attacks in Q1 2026, up 13.8% over the prior quarter, while Microsoft blocked roughly 8.3 billion email-based phishing threats in the same period. Credential theft is now the point of almost every campaign (94% of Microsoft's payload attacks), adversary-in-the-middle (AiTM) kits that steal live session tokens are the new default (up 139% in six months, per KnowBe4), and 85.8% of attacks are now AI-driven. QR-code and calendar-invite lures are exploding, attackers are laundering their traffic through trusted platforms (84.4% of successful phish now pass DMARC), and Cloudflare's network fronts 39% of phishing sites. This is our full read of the 2026 data.
About this report. We synthesize the three most substantive phishing datasets published for 2026: Microsoft's Email threat landscape: Q1 2026, the APWG Phishing Activity Trends Report, Q1 2026, and KnowBe4's Phishing Threat Trends Report, Vol 7. The hard volume numbers center on Q1 2026 (January to March), the freshest quarter with published data; KnowBe4's trend windows cover the trailing six months (roughly October 2025 to March 2026). We read each report in full, extracted the underlying figures, and cross-checked overlapping metrics before writing. Every figure is quoted as published and was current as of 16 July 2026. Nothing here is our own telemetry unless we say so.
| 2026 phishing at a glance | Figure | Source |
|---|---|---|
| Phishing attacks, Q1 2026 | 971,181 (+13.8% QoQ) | APWG |
| Email phishing threats blocked, Q1 2026 | ~8.3 billion | Microsoft |
| Payload attacks that are credential theft | 94% | Microsoft |
| Attacks that are AI-driven | 85.8% | KnowBe4 |
| Reverse-proxy (AiTM) growth, 6 months | +139.2% | KnowBe4 |
| Successful phish that now pass DMARC | 84.4% | KnowBe4 |
| Most-targeted sector | Telecom, 33% | APWG / Crane |
| Phishing sites fronted by Cloudflare's network | 39% | APWG / Fortra |
The big picture: more volume, less friction, more automation
Read together, the 2026 reports tell one story. Phishing volume is still rising across every measurement. The purpose of that volume has narrowed almost entirely to stealing logins and the session tokens behind them. And the work of producing convincing, evasive lures at scale has been handed to automation and AI, which has collapsed the cost of a high-quality campaign to near zero. Seven charts in this report visualize the headline series from the underlying datasets.
The result is a threat that no longer looks like the clumsy, typo-ridden email of a decade ago. In 2026 a phishing message is likely to arrive from a trusted platform, pass every authentication check, carry its payload inside a PDF or a calendar invite rather than a raw link, render a pixel-perfect login page through a live reverse proxy, and quietly hand the attacker a valid session that walks straight past multi-factor authentication. The rest of this report breaks that down, source by source.
Phishing volume is still climbing
Every dataset points up. The APWG counted 971,181 unique phishing attacks in Q1 2026, a 13.8% increase from 853,244 in Q4 2025, spread evenly across the quarter (320,264 in January, 329,625 in February, 321,292 in March). Across those three months, phishing targeted 766 unique brands.
Microsoft operates at a different scale, detecting approximately 8.3 billion email-based phishing threats in Q1 2026, easing from 2.9 billion in January to 2.6 billion in March after a major infrastructure takedown (covered below). KnowBe4 measured a 17.1% increase in phishing attacks over the previous six months. Links remain the dominant delivery method: Microsoft found 78% of email threats were link-based, and KnowBe4 put links (including QR codes) at 60.1% of payloads, ahead of attachments (30.6%) and pure social engineering (9.3%).
Credential theft is the whole game now
The purpose of most phishing in 2026 is a login, not malware. Microsoft reports that credential phishing grew to 94% of all payload-based attacks by March, with traditional malware collapsing to just 5–6%. KnowBe4 reaches the same conclusion from a different angle: 60.13% of attacks rely exclusively on malicious links, and 90% of malicious attachments embed a credential-harvesting page rather than delivering a virus. The message is consistent across both datasets: the modern phishing economy runs on stolen credentials and the session tokens that come with them.
AiTM and the death of static multi-factor authentication
The technique reshaping the landscape is adversary-in-the-middle (AiTM), also called reverse-proxy phishing. Instead of a static fake login page, the attacker runs a live proxy between the victim and the real service. The victim sees a genuine login (because it is the genuine login, relayed), enters credentials and approves the MFA prompt, and the proxy silently captures the resulting session token. With that token, the attacker is logged in, and standard MFA never mattered.
The growth is steep. KnowBe4 tracked a 139.2% surge in reverse-proxy phishing between September 2025 and March 2026, with the share of link-based phishing carrying a reverse-proxy payload climbing month over month from 7.8% in January 2025 to 23.7% by December. It calls AiTM "the stealthy new standard," and the tooling is off-the-shelf: open-source frameworks like Evilginx, Modlishka, and Muraena, and commercial phishing-as-a-service (PhaaS) kits including Greatness, NakedPages, EvilnoVNC, Kratos, Starkiller, and Quantum Route Redirect. Kratos, KnowBe4 notes, only activates its payload on human interaction to evade automated scanners.
Microsoft's quarter was shaped by one PhaaS platform in particular, Tycoon2FA. After a disruption in March, attacks pointing to Tycoon2FA fell 15% in March, and its share of CAPTCHA-gated phishing dropped from more than three-quarters at the end of 2025 to 41% in March, with over 41% of its remaining domains shifting to a .ru TLD. Microsoft also flagged additional PhaaS names, including Kratos and EvilTokens, and early signs of device-code phishing as the next technique.
These operators also work hard to stay invisible to researchers. KnowBe4 documented a VPN-detection and redirection tactic: attacker infrastructure checks whether a visitor is arriving from a corporate VPN (Palo Alto GlobalProtect, Check Point, Citrix, OpenVPN, Cisco AnyConnect) and, if so, redirects them to a benign site (tesla.com, github.com, forbes.com, and similar) so analysts see nothing while real victims see the phish.
We have seen this chain first-hand. Our IronToll investigation documented a live-interception kit that replayed victims' one-time codes on the real site within seconds, exactly the session theft standard SMS or app-based MFA cannot stop. The defensive takeaway is blunt: a stolen password plus a stolen session token defeats standard MFA. Only phishing-resistant authentication (passkeys, FIDO2 security keys) reliably breaks this chain, because the credential is bound to the real origin and cannot be replayed through a proxy.
The payload evolution: HTML, PDF, SVG, and the encrypted-file trick
With credential harvesting the goal, the file formats used to deliver it have churned constantly. Microsoft's March 2026 breakdown of malicious payloads was HTML 31%, PDF 28%, SVG 19%, DOC/DOCX 12%, and URL 10%. PDF-based delivery grew 38% in February and another 50% in March to its highest volume in over a year; ZIP files nearly doubled in January before whipsawing; and DOC/DOCX payloads jumped almost fivefold in March.
The disguises are getting better. KnowBe4 found that in March, 36.8% of malicious HTML attachments pretended to be an encrypted file, and that attackers increasingly favor formats that blend into normal business communication. Attachment sizes are climbing too, from an average of 142.2 KB in 2023 to 183.7 KB in 2026, deliberately padded with auto-generated content to overwhelm scanners, alongside a 111.8% increase in unique malware signatures since the start of 2026.
Underneath the file types is a growing toolbox for evading secure email gateways (SEGs). KnowBe4 reports a 31.4% increase in phishing that successfully evades SEGs, with 64% of attacks now using obfuscation such as white-on-white text, HTML smuggling, hidden HTML or markdown instructions in page source, zero-pixel images carrying malicious metadata, and microscopic footnotes buried in long documents. The point of most of these tricks is the same: keep the malicious content out of the initial, scannable payload.
Quishing: QR codes move into attachments
QR-code phishing ("quishing") is one of the clearest growth stories of 2026, but the two datasets measure it differently, and both are worth understanding. Microsoft recorded raw QR-code phishing volume climbing 146% over the quarter, from 7.6 million attacks in January to 18.7 million in March, with most codes delivered inside PDF attachments (70% by March).
KnowBe4, measuring QR as a share of all phishing, saw standard in-body QR usage dip to 3.79%, but found that 64.51% of QR codes are now placed inside an attachment rather than the email body. Both point the same way: attackers are nesting QR codes inside PDFs and SVGs specifically because a gateway that scans the message body will miss a code tucked inside a file. Related, CAPTCHA-gated phishing more than doubled in March (+125%) to 11.9 million attacks, the highest in a year, as attackers use fake human-verification steps to keep automated crawlers out.
The channel shift: Teams, calendar invites, and multi-channel attacks
The most striking structural change in 2026 is that phishing has moved beyond the email inbox. KnowBe4 tracked a 41% surge in Microsoft Teams attacks over six months, exploiting the default "Chat with Anyone" feature that lets any external address message an employee. Teams payloads break down as malicious links 59%, fake calls 21%, QR codes 16%, and malware 4%, with deepfake voice calls emerging at just under 5% of call-based attacks. Crucially, 17.38% of Teams attacks are now multi-channel: the hook is set with an email, then a follow-up Teams message delivers the payload, a "context switch" that resets the target's mental filter and manufactures a false sense of verification from seeing the sender on two platforms.
Attackers have also discovered the corporate calendar. KnowBe4 reports calendar-invite phishing surged 49% in six months, abusing the .ics file, a universally trusted format that most gateways treat as a benign scheduling tool. A malicious invite auto-inserts into a victim's calendar whether or not the email is opened, then relies on "calendar fatigue" as busy employees jump from meeting to meeting. 85% of calendar phish use impersonation (brand 46%, company 32%, user 13%, VIP 9%), and the payload is predominantly a link (72%). In one documented chain, attackers abused legitimate Google Calendar notifications to pass DMARC, routed through a high-reputation Google tracking URL, then bounced to an open redirect on a compromised university (.edu) domain to hide the final credential-harvesting page.
Voice is the other emerging channel. KnowBe4 saw MP3 files in phishing rise 38.1% since the start of the year, with attackers cloning executive voices using tools like ElevenLabs and Resemble AI for "calibrated" live calls on platforms such as Zoom. The average messages per attack campaign has also risen from about one to nearly eight (+450%) as attackers build rapport before the ask, and email length has nearly doubled since 2022, from 497 to 1,011 characters, as AI writes longer, more convincing narratives.
Impersonation and the abuse of trusted platforms
Brand impersonation is the connective tissue of 2026 phishing, and the trend is toward becoming the trusted platform rather than merely imitating it. KnowBe4 found that in February 2026, Zoom and Docusign overtook Microsoft as the most-impersonated brands, that PayPal mentions in phishing rose 237.9% year-over-year in October 2025, and that HR-themed lures (salary, promotion, "employee handbook review") made up 31% of phishing in January.
The bigger shift is infrastructure abuse. KnowBe4 reports that 22% of all phishing is now sent through a legitimate platform (Google, Microsoft, SharePoint, and similar), so the email inherits the platform's authentication and lands in the inbox. That is a major reason 84.4% of successful phish now pass DMARC, rendering "does it pass authentication" a nearly useless signal on its own. Of phishing that bypasses gateways, KnowBe4 attributes 61.2% to compromised business accounts (11.4% of them from trusted supply-chain partners) and 27.6% to webmail providers like Gmail and Outlook, with only 13.6% from dedicated "phishing domains." On social platforms, APWG member ZeroFox found impersonation at 44% and scams at 27% of all threats, together 70.9% of the social-media threat landscape, with unauthorized brand-logo use nearly doubling year over year to 16.9%.
Who is being targeted: sectors, departments, and roles
The sector picture shifted sharply in Q1 2026. APWG member Crane Authentication found Telecom became the most-attacked sector at 33% of all attacks, up from just 5.9% in Q3 2025, with telecom URL phishing up 75% since Q4 2025. SaaS/Webmail followed at 20%.
On social platforms specifically, ZeroFox found Finance remained the top target sector (27.9%, down from 35.5% a year earlier) while attacks on U.S. Federal Government jumped to 23.6%. KnowBe4's most-phished departments were C-Suite, HR, IT, Finance, and Sales, and its most-phished industries were Finance, Legal, Healthcare, Logistics, and Insurance. Drilling into roles, KnowBe4 reports the five most-targeted job titles are CEO, CPO, CFO, VP of Finance, and COO, the people with "the keys to the kingdom," and that a new employee typically receives their first phishing attempt within their first month, as attackers monitor "new joiner" announcements to hit staff before security training lands.
Where phishing is hosted, and why takedown is hard
For anyone running takedowns, the hosting data is the most actionable finding of the quarter. When Fortra contacted providers to disable phishing sites in Q1 2026, one name dominated: Cloudflare's network fronted 39% of those phishing sites through its DNS proxy, which hides the true origin, followed by Amazon (11%), Hostinger (4%), and Microsoft (4%). Cloudflare's registrar also rose to the #3 spot among registrars used by BEC scammers, behind NameSilo and NameCheap.
That matches what we have documented first-hand in 2026: free Cloudflare infrastructure has become default phishing hosting. See our analyses of Cloudflare Drop abuse and a live SharePoint phishing kit on Cloudflare Workers. Reputable, un-blockable parent domains, free TLS, and a proxy that masks the origin are exactly why per-URL takedown is slow and blanket blocking is impossible. Crane Authentication also flagged more than 500 newly registered "tariff refund" scam domains capitalizing on current events, and more elaborate cloaking, where a fraud page renders only for visitors arriving from a specific search query or social link and shows innocuous content to everyone else.
Business email compromise: smaller asks, tighter operations
BEC is quieter than credential phishing but more disciplined. Fortra found the average wire-transfer BEC request fell 15% to $42,663, and the total number of wire-transfer BEC attacks dropped 25% quarter over quarter, a shift toward lower-friction cash-outs. Gift cards were the most requested method (48%), ahead of wire transfers (19%) and payroll diversion (11%). 72% of BEC attacks used a free webmail domain, with Gmail accounting for 53% of those. Fortra tracked "Scripted Sparrow," which it calls the world's most prolific BEC gang, spreading mule accounts across 24 financial institutions, favoring Green Dot/Go2Bank (45% of its accounts).
The scale remains enormous: Microsoft counted roughly 10.7 million BEC attacks in Q1 2026 alone, and three of the five most active threat-actor groups KnowBe4 profiles run BEC as their primary attack type.
AI and the industrialization of phishing
If one theme unifies the 2026 reports, it is automation. KnowBe4 states that 85.8% of phishing attacks in the past six months were AI-driven, up from 79.9% in 2024, and frames the shift as an "agentic" one, with autonomous tooling now handling reconnaissance, lure development, payload generation, and delivery. It estimates AI-driven attacks are seven times more efficient than campaigns relying on manual research. Polymorphic elements (auto-varied lures, links, and attachments that dodge signature filters) now appear in 67.3% of phishing so far this year, up from 56.9% in 2024.
That capability is now a purchasable commodity. KnowBe4's dark-web survey found a Cybercrime-as-a-Service (CaaS) market with a clear price ladder, from Unlock ChatGPT at $4.73 through WormGPT 4 ($220), FraudGPT ($299), and Xanthorox AI at $3,000, each offering escalating capabilities from basic lure generation to self-correcting malware, thread injection into existing email conversations, and screenshot analysis for reconnaissance. The report also flags the next frontier: indirect prompt injection, where attackers embed machine-legible instructions in emails to hijack the AI assistants that increasingly triage inboxes, turning a trusted agent into what it calls a "malgent." Its summary is that attackers "are no longer just socially engineering humans; they are socially engineering AI."
The threat-actor landscape
Rather than track easily-changed indicators, KnowBe4 profiled the most active groups by behavior. Its Q1 2026 threat-actor table captures how industrialized this has become, with several groups showing near-perfect consistency across hundreds of automated campaigns.
| Group (KnowBe4 alias) | Origin | Email volume | Campaigns | Attack type |
|---|---|---|---|---|
| Basalt Harrier | USA | 37,224 | 294 | Generic e-commerce fraud |
| Amber Shearwater | Latvia | 33,450 | 250 | Temu e-commerce fraud |
| Laterite Magpie | Nigeria | 29,859 | 78 | BEC + Microsoft impersonation |
| Tektite Vulture | Vietnam | 28,491 | 461 | BEC + Docusign impersonation |
| Sulphur Kestrel | Indonesia | 11,312 | 254 | BEC + QR + company impersonation |
Two profiles illustrate the range. Tektite Vulture (Vietnam) runs large, concentrated bursts (one campaign hit 8,037 emails in a single day) using the Typhoon PhaaS kit, poses as internal IT or Docusign, and hides the real sender address behind "display name stuffing" and clickable-image lures. Sulphur Kestrel (Indonesia) specializes in high-fidelity Microsoft 365 credential harvesting and session-based MFA bypass, using Greatness or NakedPages reverse-proxy kits, "just-in-time" aged domains, Cloudflare tunneling, and calendar-invite injection to auto-process its lures as meetings.
Timing and evasion: the end-of-day blur
Modern phishing is timed and staged to beat both people and tools. KnowBe4 found attacks now peak at 5:00 PM local time (4,119 campaigns started in that hour in its dataset), an "end-of-day blur" when cognitive load is highest and scrutiny lowest. On duration, over 60% of campaigns try to overwhelm defenses in under 24 hours, while the most sophisticated actors deliberately drip-feed campaigns across five to ten days to exhaust volumetric filters and defense teams.
The infrastructure is chosen to defeat reputation-based defenses too. KnowBe4 put the average phishing link age at 6,372 days, meaning attackers overwhelmingly abuse aged or compromised domains and links rather than fresh registrations, which sail past "newly registered domain" filters. Combined with client-side assembly (content that only exists after the page executes JavaScript) and the VPN-redirection cloaking described earlier, the effect is that a growing share of live phishing is simply invisible to a one-shot automated scan.
What this means for defenders
The 2026 data converges on a consistent set of priorities:
- Deploy phishing-resistant MFA (passkeys/FIDO2). It is the single control that defeats AiTM session-token theft, which standard SMS and app-based MFA do not. This is the highest-impact move on the list.
- Stop trusting authentication as a verdict. With 84.4% of successful phish passing DMARC and 22% sent through legitimate platforms, "it authenticated" no longer means "it is safe." Weight sender behavior, content, and destination over pass/fail auth checks.
- Detect on behavior, not indicators. Aged domains, cloaking, VPN redirection, client-side assembly, and rotating infrastructure defeat static blocklists. Hunt on page structure, kit fingerprints, and sending behavior, and render suspect pages in an instrumented browser rather than fetching them.
- Cover the new channels. Bring Microsoft Teams, calendar invites, QR codes, and voice into monitoring and phishing simulations, not just the email inbox. Multi-channel is now roughly one in six Teams attacks.
- Assume the payload is in the attachment. With 90% of malicious attachments carrying credential-harvesting links and 64.51% of QR codes nested inside files, scanning only the email body misses the threat.
- Monitor your brand and run fast takedowns. With impersonation at the core of the threat and hosting concentrated on a handful of networks, external detection of lookalike domains and coordinated takedown are now table stakes.
Outlook: what to expect through 2026
Based on the trajectories in these reports, the second half of 2026 is likely to deepen rather than reverse. AI-driven share will keep climbing toward near-universal; AiTM and reverse-proxy phishing will continue displacing static credential pages; the channel mix will keep diversifying into Teams, calendars, and voice; and infrastructure abuse of trusted platforms will make authentication-based defenses even less useful on their own. The one bright spot is that the strongest countermeasure, phishing-resistant authentication, works against the dominant technique of the year. Organizations that move to passkeys and pair them with behavior-based detection and fast takedown are the ones the 2026 data suggests will stay ahead.
Sources
- Microsoft Threat Intelligence, Email threat landscape: Q1 2026 trends and insights (30 April 2026).
- APWG, Phishing Activity Trends Report, 1st Quarter 2026 (published 21 May 2026; contributions from Crane Authentication, Fortra, ZeroFox, and Illumintel).
- KnowBe4, Phishing Threat Trends Report, Vol 7 (April 2026).
FAQ
How much did phishing grow in 2026? The APWG recorded 971,181 phishing attacks in Q1 2026, a 13.8% increase over Q4 2025, and Microsoft blocked roughly 8.3 billion email-based phishing threats in the same quarter. KnowBe4 measured a 17.1% rise over the previous six months. Every major 2026 dataset shows phishing volume increasing.
What is the most targeted industry for phishing in 2026? Telecom. APWG member Crane Authentication found Telecom was the most-attacked sector at 33% of all attacks in Q1 2026, up from 5.9% in Q3 2025, followed by SaaS/Webmail at 20%. On social media, Finance remained the top sector at 27.9%.
Does MFA stop phishing in 2026? Standard MFA no longer does on its own. Adversary-in-the-middle (AiTM) phishing kits proxy the real login page and steal the live session token, bypassing SMS and app-based MFA. KnowBe4 measured a 139% rise in reverse-proxy phishing over six months. Only phishing-resistant methods such as passkeys and FIDO2 security keys reliably defeat it.
How much phishing is AI-generated in 2026? KnowBe4 reports that 85.8% of phishing attacks in the past six months were AI-driven, up from 79.9% in 2024, and estimates AI-driven attacks are about seven times more efficient than manual campaigns. A dark-web Cybercrime-as-a-Service market now sells lure-generation and evasion tooling from about $4.73 to $3,000.
Why do so many phishing emails pass spam and authentication checks now? Because attackers increasingly send through legitimate, trusted platforms and compromised accounts rather than their own domains. KnowBe4 reports 22% of phishing is now sent via a legitimate platform and 84.4% of successful phish pass DMARC, so authentication is no longer a reliable safety signal by itself.
Where is most phishing hosted in 2026? According to Fortra's takedown data in the APWG Q1 2026 report, Cloudflare's network fronted 39% of phishing sites (via its DNS proxy, which hides the origin), followed by Amazon at 11%. Free, reputable hosting is a major driver of 2026 phishing.
Are QR codes and Microsoft Teams really being used for phishing? Yes. Microsoft found QR-code phishing volume rose 146% over Q1 2026, and KnowBe4 found 64.51% of QR codes are now hidden inside attachments to evade scanners. KnowBe4 also tracked a 41% surge in Microsoft Teams attacks over six months, with 17.38% now spanning both email and Teams, plus a 49% rise in calendar-invite phishing.
About the authors
PhishEye Threat Research is the anti-phishing and digital-risk-protection team behind PhishEye. We run daily threat hunting across passive DNS, Certificate Transparency, and newly-registered-domain feeds, operate the abuse-reporting pipeline that files takedowns with hosts and registrars, and publish first-hand investigations of live phishing operations, including IronToll (a 90+ domain live-interception PhaaS campaign), Cloudflare Drop abuse, and a live SharePoint kit on Cloudflare Workers. That hands-on work is why the trends above are not abstractions to us: we meet the AiTM kits, the cloaking, and the free-Cloudflare hosting they describe in live cases.
This report summarizes independent third-party datasets. Every figure is attributed to its original publisher, we cross-checked overlapping metrics between sources, and we have not altered any published number. It is an editorial synthesis, not sponsored content, and we have no commercial relationship with the publishers cited.
Spotted an error, or have a 2026 dataset we should include? Contact the team at [email protected], and we will correct or update the report.
