HomeIntelligenceBrief
BREACH BRIEF⚪ Informational ThreatIntel

Voice & SMS Phishing Simulations Reveal 40% Higher Click Rates – Keepnet Data Highlights Emerging Human Risk

Keepnet contributed voice and SMS phishing simulation data to the 2026 Verizon DBIR, which found a 40 % jump in median click rates versus email. The finding underscores a widening gap in corporate awareness programs and signals a new priority for third‑party risk managers.

LiveThreat™ Intelligence · 📅 May 22, 2026· 📰 helpnetsecurity.com
Severity
Informational
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
3 recommended
📰
Source
helpnetsecurity.com

Voice & SMS Phishing Simulations Reveal 40% Higher Click Rates – Keepnet Data Highlights Emerging Human Risk

What Happened – Keepnet, an extended Human Risk Management (xHRM) platform, supplied its voice‑ and SMS‑phishing simulation results to the 2026 Verizon Data Breach Investigations Report (DBIR). The DBIR notes a 40 % increase in median click rates for phone‑centric simulations (2 % vs. 1.4 % for email).

Why It Matters for TPRM

  • Attackers are shifting from email‑only lures to synchronous voice/SMS vectors, which traditional awareness programs often miss.
  • Higher click rates indicate a larger, under‑measured attack surface that can lead to credential compromise, BEC, or ransomware initiation.
  • Vendors that do not test or monitor voice/SMS phishing expose their clients to amplified human‑risk exposure.

Who Is Affected – Financial services, healthcare, technology SaaS, and any organization that relies on phone or SMS for business communications.

Recommended Actions

  • Incorporate voice and SMS phishing simulations into your third‑party risk assessment program.
  • Update security awareness curricula to cover real‑time pre‑texting and AI‑generated voice cloning.
  • Verify that vendors (especially MSPs, cloud hosts, and communication platforms) have measurable controls for phone‑centric social engineering.

Technical Notes – The DBIR data shows a median click rate of 2 % for voice/SMS simulations versus 1.4 % for email. The rise is driven by cheap AI voice cloning, corporate‑level voice‑phishing (e.g., MGM Resorts 2023 breach), and automated pre‑texting scripts. No specific CVEs are involved; the threat vector is social engineering via telephony and text channels. Source: Help Net Security

📰 Original Source
https://www.helpnetsecurity.com/2026/05/22/keepnet-verizon-dbir-2026/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →