Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Multichannel phishing and account takeover: what teams need to do


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Phishing is spreading beyond email into Teams, Slack, Zoom, LinkedIn, WhatsApp, and other collaboration channels, increasing account takeover and business email compromise risk, according to Proofpoint, which also cites Verizon, its own human factor research, and observed targeting of 99% of monitored organisations. Human awareness now has to cover identity abuse across every channel, not just inbox defence.

NHIMG editorial — based on content published by Proofpoint: modern cyberattacks exploit people across email and collaboration channels

By the numbers:

Questions worth separating out

Q: How should security teams stop phishing that moves from email into chat apps and social channels?

A: Treat collaboration and messaging tools as first-class phishing surfaces.

Q: Why do account takeovers become so damaging once an attacker gets into a user’s mailbox or chat account?

A: Because the attacker inherits the user’s authority, context, and established trust relationships.

Q: What do organisations get wrong about email-based fraud?

A: Organisations often treat email fraud as a messaging problem when it is really a trust and workflow problem.

Practitioner guidance

  • Expand phishing controls beyond email Apply URL rewriting, attachment analysis, and user reporting to Teams, Slack, Zoom, WhatsApp, and other collaboration channels where social engineering now lands.
  • Add step-up verification for risky account actions Require secondary validation before fund transfers, supplier record changes, mailbox delegation, or access to confidential data, even when the request comes from a familiar account.
  • Create a supplier callback process Verify bank detail changes and urgent payment requests through a known contact path outside the original message thread, and log the confirmation as part of the approval record.

What's in the full article

Proofpoint's full article covers the operational detail this post intentionally leaves for the source:

  • Practical guidance for recognising multichannel phishing across email, chat, social, and text-based workflows.
  • Examples of supplier impersonation and business email compromise patterns that show how fraud unfolds in real environments.
  • The 2025 Cybersecurity Awareness Kit structure and how teams can use it to reinforce training across the year.
  • Proofpoint's framing of people, process, and technology together in reducing account takeover risk.

👉 Read Proofpoint's analysis of multichannel phishing, supplier fraud, and account takeover →

Multichannel phishing and account takeover: what teams need to do?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Multichannel phishing is now an identity governance problem, not just a messaging problem. The article is right to move beyond email, because the trust boundary has shifted into collaboration apps, supplier threads, and mobile messaging. That means verification, not just detection, has to be extended across every channel where a user can be manipulated into taking action. Practitioners should treat channel trust as a control surface, not a communication convenience.

A question worth separating out:

Q: How do security and fraud teams measure whether awareness training is actually reducing social engineering risk?

A: Look for fewer successful impersonation-led approvals, faster reporting of suspicious messages, and lower completion rates for unsafe actions under simulated pressure. Behaviour change is only credible when it shows up in workflow outcomes, not just training completion metrics or quiz scores.

👉 Read our full editorial: Multichannel phishing and account takeover are redefining human risk



   
ReplyQuote
Share: