‘The Inbox Is No Longer the only Frontline’: Phishing Attacks Are Evolving as Cyber Criminals Ramp up ‘Multi-Channel’ Campaigns over Email and Microsoft Teams

Phishing has long been synonymous with deceptive emails, but the threat landscape is undergoing a rapid transformation. According to KnowBe4’s latest Phishing Threat Trends Report, calendar‑invite phishing alone surged 49% over the past year, while attacks that blend email with other collaboration channels are becoming the new norm. This “multi‑channel” approach lets adversaries strike victims at multiple touchpoints, increasing the likelihood of a successful compromise. By extending the kill chain beyond the inbox, threat actors can harvest credentials, deploy ransomware, or exfiltrate data with fewer obstacles.

Microsoft Teams, now a staple for real‑time collaboration, has emerged as a prime vector in these campaigns. The report documents a 41% jump in Teams‑based phishing between October 2025 and March 2026, driven in part by the “Chat with Anyone” feature that allows users to initiate conversations using only an email address. Attackers exploit the platform’s informal tone, impersonating IT staff, HR personnel, CEOs, or finance teams to gain trust. By following an initial email, they move the conversation to Teams, where they can validate their identity and sustain a persuasive dialogue, dramatically raising success rates.

Enterprises can no longer rely on email‑centric defenses alone. Security teams should integrate phishing detection across calendar services and collaboration platforms, enforce MFA for all Teams logins, and deploy AI‑driven anomaly monitoring that flags unusual cross‑channel activity. Regular, scenario‑based training that simulates multi‑channel attacks can reinforce user vigilance, while policy controls—such as restricting external chat initiations—reduce the attack surface. As remote work persists and collaboration tools evolve, a holistic, zero‑trust approach will be essential to stay ahead of adversaries who are increasingly blending social engineering tactics across multiple digital frontlines.