Phishing Didn't Leave the Inbox. It Expanded Around It.
Mobile-centric phishing carries a 40% higher success rate than email. Vishing is up 442%. Deepfake fraud is projected to hit $40 billion by 2027. The attack surface didn't shift, it expanded. Here's what that means for enterprise defense.


For two decades, enterprise security awareness programs poured budget into one problem: the malicious email. Gateway filters got smarter. DMARC enforcement tightened. Phishing simulations became a quarterly ritual. Those programs checked the box – but they failed to meaningfully reduce user-driven cyber risk, and they left the rest of the attack surface unguarded.
Email phishing is still the most common entry point into the enterprise, and it still drives a significant share of real-world breaches. What's changed is that the inbox is no longer the only place attackers operate. SMS, voice, WhatsApp, Slack, Teams, social media, and deepfaked voice and video now sit almost entirely outside the reach of traditional security awareness programs – beyond gateway filters, beyond domain authentication, beyond hover-over URL previews, and beyond any trained skepticism employees have built up over years of email-only training.
Attackers haven't abandoned email. They've expanded around it, into channels where defenders haven't shown up yet. The User Layer is the only part of the enterprise security stack still running on static, once-a-year interventions instead of defenses built to respond in real time.

The Expansion Is Strategic, Not Random
This isn't a story about email giving way to something new. It's a story about attackers running the same calculus any operator runs when one channel gets harder and the adjacent ones stay wide open.
In 2026, adversaries run their operations the way the best growth teams run campaigns. Agentic AI tracks where engagement rates are higher, where defenses are thinner, and where users are most likely to act without verifying – then reallocates spend accordingly. Channels that convert get more investment. Channels that don't get cut. The feedback loop is continuous and automated. The conversion event is a stolen credential, a bypassed MFA prompt, or unauthorized access to internal systems.
The same AI infrastructure powering targeting is also driving hyper-personalization at a scale that wasn't previously possible. Job titles, reporting structures, recent announcements, active projects – all of it gets pulled from public sources and fed into attack content automatically. A campaign that once required hours of manual research per target now reaches thousands of people with tailored, credible messaging in a single automated run. What used to define a sophisticated spear-phishing operation is now the baseline for volume attacks. The economics that made targeted social engineering expensive have collapsed.
Productization has finished the job. Capabilities once reserved for nation-states and APT groups are now available to anyone with a credit card. Phishing-as-a-service platforms have been evolving since the mid-2010s, when early kits gave way to subscription dashboards on centralized infrastructure. The current generation is more capable still. Darcula, for example, uses Apple iMessage and Android RCS – channels that bypass traditional SMS carrier filtering – to deliver smishing campaigns across more than 100 countries, built on Docker containers and JavaScript frameworks with a commercial dashboard and templated lures. No technical background required.
Voice followed the same path. In April 2026, a platform called ATHR surfaced on underground forums: a Cybercrime-as-a-Service offering priced at $4,000 upfront plus 10% of profits. ATHR operates as a TOAD (Telephone-Oriented Attack Delivery) platform. It sends phishing emails with a callback number; when the victim dials in, they reach an AI voice agent built on commercial text-to-speech APIs from providers like ElevenLabs and Play.ht. The victim thinks they're calling IT. They're talking to a machine optimized to extract credentials and MFA codes in real time. ATHR has been documented targeting employees at Google, Microsoft, Coinbase, and others. The skill floor for running a sophisticated, multi-turn conversational attack is now near zero.
Verizon's 2026 Data Breach Investigations Report puts a number to the shift: mobile-centric phishing – delivered via SMS and voice – now carries a median success rate 40% higher than traditional email phishing campaigns.

Where Attackers Are Operating Beyond the Inbox
Modern social engineering takes two shapes. Some attacks are point-in-time: a single well-timed message with the right pretext that triggers action before the target has a chance to think. Others unfold across multiple channels and multiple interactions, each step using the last to establish legitimacy for the next – an AI-generated voicemail flags suspicious activity, a WhatsApp message arrives from "IT support," and a deepfake video call on Zoom closes the loop. A single well-crafted message lands with the credibility that once required hours of manual research. A multi-stage campaign can prime on one platform, land on another, and authenticate on a third. Both formats work – and in too many cases, both fall outside the scope of what most enterprise security programs simulate or defend.
What connects every channel in the sections below is the same underlying infrastructure. AI has removed the effort ceiling on personalization: job titles, reporting structures, active projects, and recent announcements get pulled from public sources and built into targeted pretexts automatically. Spear phishing, once reserved for high-value targets because of the time investment required, is now economically viable at mass scale. And increasingly, these attacks pair social engineering with digital forgery: synthesized identity documents, manipulated passports, and AI-generated biometric data designed to defeat automated onboarding and account verification. The impersonation doesn't stop at voice and video. It extends to any medium where identity is used to authorize access.
SMS (Smishing)
A text message bypasses every layer of enterprise email security. It lands on a personal device, often outside business hours, in an environment where the user's guard is lower and the expectation of urgency is higher. Attackers impersonate IT, HR, payroll, and delivery services – pushing alerts about suspended accounts, failed logins, and time-sensitive actions. The link is a truncated string. The sender name is whatever the attacker chose. There is no equivalent of a domain reputation check.
Dune Security's 2025 Insider Threat Intelligence Report found that only 27% of enterprises simulate SMS-based phishing, despite mounting smishing exposure. Attackers are operating squarely inside that gap.
Social Media
Social media serves attackers two ways. First, reconnaissance. Before a single message is sent, platforms like LinkedIn provide a detailed map of an organization's people, structure, and relationships. Attackers scrape roles, reporting lines, recent projects, and org changes to build the context that makes a pretext credible. This intelligence-gathering phase is largely invisible, leaves no trace, and requires zero interaction with the target.
Second, direct delivery. LinkedIn DMs and InMail have become a reliable attack vector because they sit entirely outside enterprise email security. Attackers pose as recruiters, hiring managers, and executives, sending personalized offers, skills assessments, and document requests that read like routine outreach. LinkedIn removed 83.7 million fake accounts in the first half of 2025 alone, and over 252 million pieces of spam and scam content across 2024. Bot activity on the platform has nearly quadrupled in six years.
Collaboration Tools
Messages on Slack and Teams don't feel like attacks; they feel like work. That's the structural advantage attackers exploit. Unlike email, where years of training have built some degree of skepticism, employees have no instinct to question a message that arrives in the same channel where their manager just shared a document. The implicit authority of a familiar platform becomes the pretext.
Threat actors have been running Teams-based voice phishing campaigns since at least May 2024, spinning up fraudulent Microsoft 365 tenants and calling employees directly over Teams to harvest credentials. In other cases, these platforms become the lateral movement layer. Threat group NullBulge infiltrated Disney's internal Slack environment, gaining access to over 10,000 channels and exfiltrating more than one terabyte of data – including 44 million messages, financial details, and internal project files. The entry point was malware on a single employee's device that harvested credentials for the company's password vault. Once inside Slack, attackers moved quietly across channels for months before detection.
Scattered Spider used a similar playbook against MGM Resorts. The group identified targets on LinkedIn, called the corporate IT helpdesk, and socially engineered support staff into resetting MFA credentials. Once inside, they used Teams and Slack to send internal-looking phishing alerts and pivot toward identity providers. The attack took down digital hotel keys, reservation systems, and slot machines, costing MGM over $100 million. It started with a LinkedIn search and a phone call. It was the abuse of trusted internal collaboration channels that turned a single credential reset into enterprise-wide compromise.

Encrypted Channels
Dune Security's 2025 Insider Threat Intelligence Report identified encrypted messaging apps like WhatsApp, Signal, Telegram, Facebook Messenger, and Viber as the most dangerous blind spot in the enterprise. Not a single CISO surveyed reported simulating attacks on these channels, yet 64% had experienced confirmed or suspected social engineering via encrypted or informal channels in the prior 12 months. The scale of the threat matches the gap. Fraud originating from WhatsApp and Telegram alone accounts for 39% of reported scams globally, with Telegram cases jumping 121% and WhatsApp cases rising 67% in the second half of 2024.
Attackers are shifting to these channels deliberately. Users are conditioned to trust them, and enterprises have zero visibility into what happens there. In BPO and other high-risk industries, the threat takes on an additional form: direct bribery. Attackers use encrypted channels to contact employees outside any corporate monitoring and recruit insiders to facilitate access or data exfiltration. That blurs the line between external social engineering and insider threat – a distinction that matters less than the outcome. Insider-related incidents cost organizations an average of $19.5 million annually in 2026, up 20% year over year.
Voice and Video Deepfakes
Voice-based attacks (vishing) surged over 400% as generative AI made voice cloning faster, cheaper, and more convincing – with deepfake-enabled attacks specifically spiking as much as 1,600%. Deepfakes steal the likeness of executives, IT support, and known partners to bypass corporate security controls. Some are point-in-time: a single AI-generated voicemail or short video clip engineered to trigger action before the target can verify. Others involve conversational AI agents that join live calls and sustain multi-turn dialogue.
Tools like ElevenLabs, Resemble AI, and HeyGen can clone a voice from under 15 seconds of audio and generate photorealistic video avatars from comparable source material. Several offer free tiers. Originally built for gaming, content creation, e-learning, and entertainment, these consumer products are being actively repurposed for fraud. Platforms like ATHR bundle these capabilities into a fully automated campaign stack. In April 2026, the U.S. Senate sent formal letters to ElevenLabs, Speechify, LOVO, and VEED demanding answers on misuse prevention. Reporting broadly assesses that no meaningful safeguards exist.
Real-world cases from the past two years show how broadly this has landed:
- British engineering firm Arup lost $25.6 million in January 2024 after a finance employee processed 15 wire transfers following a video call with deepfake simulations of the company's CFO and several colleagues, built entirely from publicly available footage.
- In July 2024, attackers impersonated Ferrari CEO Benedetto Vigna on a WhatsApp call – accurately mimicking his southern Italian accent – and requested an urgent currency transaction. The executive asked Vigna a personal question only he could answer. The caller hung up.
- KnowBe4, a cybersecurity firm specializing in security awareness training, discovered in July 2024 that a remote software engineer they had recently hired was a North Korean threat actor using a stolen U.S. identity and an AI-enhanced profile photo. He passed four video interviews and a full background check.
- In March 2025, a finance director at a Singapore multinational authorized a $499,000 wire transfer on a Zoom call where every executive on screen was a deepfake.
- AI-generated videos impersonating Elon Musk to promote fraudulent investment schemes went viral across Facebook and TikTok throughout 2024 and into 2026, with individual victims losing up to $1.7 million – evidence that the risk reaches well beyond the workforce.
Victims of the Musk impersonation who were shown the same videos after the fact still described them as convincing – and that's not surprising. In a separate study, only 0.1% of participants could correctly identify every deepfake image and video they were shown, even when primed to look for fakes. Overconfidence compounds the problem: more than 60% rated their own detection skills as strong regardless of whether their answers were correct.
Gartner found that 43% of organizations experienced a deepfake audio incident in 2025, and 37% experienced a deepfake video incident. The average loss per incident now exceeds $500,000. And with deepfake-enabled fraud projected to reach $40 billion by 2027, the exposure is still accelerating. The question is no longer whether your employees will encounter this, but whether they'll recognize it when they do.

The Attack Surface Expanded. The Coverage Gap Did Too.
Social engineering has never been loyal to any particular channel. It has always been loyal to whatever works. As attackers continue to find new ways to exploit human behavior across every channel, the organizations running programs that end at the inbox are the ones absorbing the cost – and per data breach, that cost averages $10.22 million in the US.
Attackers aren't waiting for security programs to follow. CISOs and security leaders who underestimate the risks of modern social engineering are putting their companies and careers at risk. The modern attack surface is the user, and treating that surface as a training problem rather than a security domain is exactly the gap attackers are already exploiting at scale.
Dune proactively red-teams our customers' organizations using the same social engineering attack modalities that attackers are deploying in the wild – across email, SMS, voice, deepfakes, and collaboration tools. We hyper-personalize testing, training, and control guardrails to each employee's individual risk profile, empowering users to protect both themselves and their organizations in real time.
FAQs
Multi-channel social engineering refers to attacks that extend beyond email to exploit SMS, voice calls, deepfakes, collaboration tools like Slack and Teams, and encrypted messaging apps. Attackers use whichever channels convert best, deploying AI to personalize attacks at scale across all of them.
AI has collapsed the economics of targeted social engineering. Attackers now pull job titles, reporting structures, active projects, and recent announcements from public sources automatically, building personalized pretexts that once required hours of manual research per target – and deploying them against thousands of people in a single automated run. What used to define a sophisticated spear-phishing operation is now the baseline for volume attacks. Platforms like Darcula and ATHR bundle this targeting infrastructure into commercial dashboards that require no technical background to operate. The skill floor for running a convincing, hyper-personalized campaign is now near zero.
Deepfakes weaponize identity itself, cloning the voice, likeness, or both of executives, IT staff, and known partners to bypass corporate security controls. Tools like ElevenLabs and HeyGen can clone a voice from under 15 seconds of audio and generate photorealistic video avatars from comparable source material, several on free tiers. Gartner found 43% of organizations experienced a deepfake audio incident in 2025, with average losses per incident now exceeding $500,000. The question is no longer whether your employees will encounter this; it's whether they'll recognize it.
Encrypted channels (WhatsApp, Signal, Telegram, Facebook Messenger) are the most dangerous gap in the enterprise attack surface because organizations have zero visibility into what happens there. Employees are conditioned to trust them as personal channels, guards are lower, and no corporate security tooling applies. Dune Security's 2025 Insider Threat Intelligence Report found that not a single CISO surveyed simulated attacks on encrypted messaging apps, yet 64% had experienced confirmed or suspected social engineering via these channels in the prior 12 months. In high-risk industries, attackers use encrypted channels to go further – directly bribing employees outside any corporate monitoring to facilitate access or data exfiltration.
Defending against multi-channel social engineering requires attack simulations across every channel attackers use, individual risk scoring, and targeted remediation that reduces each user's exposure rather than pushing the same remediations to everyone. Most enterprises still simulate only email phishing, leaving SMS, voice, deepfakes, and collaboration tools entirely untested. By identifying high-risk users and delivering just-in-time training, alerts, and controls in real time, security teams can reduce user vulnerability.