Sixty-two percent of breaches involve a human element, per Verizon's 2026 Data Breach Investigations Report. That number hasn't moved much in years. What's changed is what “human element” actually means.
Most organizations have already run employees through security awareness training and phising simulations. Click rates have improved. Completion rates are high. The attacks keep landing anyway.
Why? Because today's real attacks look nothing like what the training covers.
This blog covers five human-risk incidents from 2026, what actually happened, and the specific decision point in each one where a properly built simulation would have exposed the gap before an attacker did. It closes with how Frame keeps a workforce prepared across all five, in the same channels the attacks actually use.
1. IT Help Desk Impersonation Over Microsoft Teams
The setup starts with something almost boring: a phishing email carrying a malicious PDF. Then an unsolicited Microsoft Teams voice call comes in from an external account, posing as an IT system administrator. The caller is calm, patient, and fluent enough in internal support jargon to sound legitimate.
The attacker walks the victim through installing a real remote-access tool, framed as a routine fix. Once access is granted, a malicious installer quietly pulls down a Node.js runtime and decrypts a payload, launching EtherRAT, a remote access trojan documented by BleepingComputer that runs across Windows, Linux, and macOS. Its command infrastructure is unusually resilient: it queries Ethereum smart contracts across multiple public RPC providers to locate active control servers, using majority consensus among responses to survive takedown attempts.
The decision point wasn't technical. It was the moment an employee treated an unsolicited internal-looking call as legitimate, because it arrived through a trusted platform with a trusted-sounding job title attached.
2. AI Voice Cloning and Executive Impersonation
In January 2026, an entrepreneur in the Swiss canton of Schwyz lost several million Swiss francs after a series of phone calls in which an AI-cloned voice impersonated a trusted business partner. The case echoes a broader pattern security researchers are tracking: the assumption that voice and video can be trusted as proof of identity no longer holds.
The mechanism is simple to describe and hard to defend against: a voice can now be cloned from three seconds of audio (McAfee), and executives generate that much source material every time they speak on an earnings call, a webinar, or a podcast. The attack doesn't need to breach a network. It needs the target to trust what they're hearing for long enough to authorize one transfer.
The failure point is almost never initial access. It's the authorization moment, the instant a human, reassured by a familiar voice, approves something fully within their normal authority. No malware alert fires, because nothing malicious touched the network.
3. QR Code Phishing (Quishing)
Quishing incidents rose approximately 146% in the first quarter of 2026 alone, according to threat intelligence data cited by Yahoo Finance. The corporate version of this attack looks different from the parking-meter sticker scams making headlines: attackers have sent fake conference invitations to strategic advisory firms, each carrying a QR code that led to a forged Google login page. The resulting compromise included session token theft and MFA bypass, with no MFA failure alert generated.
QR phishing works because it hides its destination until the moment of the scan, and it inherits the trust of wherever it's placed, an inbox, a poster, a printed invitation. Email security gateways built to parse text and scan links have no visibility into what's encoded inside an image. The user's own phone, not a managed corporate device, becomes the point of compromise.
4. The Deepfake Job Candidate
Unit 42 researchers demonstrated that it takes just over an hour, with no prior deepfake experience and cheap consumer hardware, to build a convincing real-time synthetic identity for a video interview. North Korean IT worker operations have adopted the technique at scale to secure remote jobs at Western companies. KnowBe4 itself disclosed hiring one of these threat actors, only discovering the mistake after the person loaded malware onto their corporate workstation.
The scheme's infrastructure is still being prosecuted in 2026: in February, a Ukrainian national was sentenced to five years in prison for running an identity-rental service that paid U.S. hosts to operate “laptop farms” enabling North Korean IT workers to pose as domestic employees.
The decision point here sits inside HR and hiring, not IT. A hiring manager who's never been trained to expect a synthetic face on a Zoom interview has no reason to look for the tells: mismatched lip-sync, unnatural pauses before unscripted questions, lighting that doesn't quite track head movement. Almost no security awareness program trains recruiters at all. This threat exploits that blind spot directly.
5. Vendor Email Compromise and Invoice Fraud
In April 2026, the FBI and the U.S. Attorney's Office recovered $4.8 million that had been scammed from Dickinson Public Schools in North Dakota through a business email compromise scheme. The recovery is the rare part. Most organizations don't get their money back.
The attack doesn't need to breach the target company at all. It only needs access to a supplier's mailbox. From inside a legitimate, ongoing thread about real purchase orders, the attacker inserts one message: updated banking details for an upcoming payment. Because the thread, the tone, and the invoice format are all genuine, it passes almost every check built to catch a suspicious sender.
Accounts payable teams are trained to distrust unfamiliar senders. They're rarely trained to distrust a familiar one, mid-conversation.
Why Legacy Training Misses All Five
Each of these attacks defeats the same assumption: that verification through a familiar channel, voice, video, platform, or thread, is proof enough. Static training libraries built on a quarterly refresh cycle can't adapt fast enough to keep up, especially when attackers evolve the pretext the moment a defense becomes common knowledge.
Frame closes that gap differently. Instead of a content library, Content Studio generates training and simulations from the actual threats your organization is facing, built around your real vendors, your executives' names, and your workflows, not a fictional composite firm. Simulation extends across email, voice, QR, and deepfake video and audio, so employees are tested against the same channels attackers are actually using. Human Risk Scoring pulls verified signals, like MFA posture and risky sign-ins, to show you where exposure actually sits, not just who clicked “done” on a module.
The threat that hit a peer firm this morning can be the training your team runs this afternoon.
That's how you keep up with human threats in 2026.
Schedule a demo to build a training live on the call.


