Phishing and social engineering have overtaken the dark web as the leading method used by cybercriminals to obtain stolen personal and corporate information.
That is according to the 2026 Enterprise Social Engineering Report, whose findings mark a significant shift in how hackers operate and where organizations face their greatest exposure.
The report, compiled from surveys of more than 420 cybersecurity leaders across industries, found that only 4% of respondents were confident their employees’ personal data, including phone numbers, home addresses, and family details, was adequately protected from attackers. The remaining 96% admitted they could not say the same. Security professionals surveyed described the dark web as increasingly functioning as a secondary repository or “information dumpster” where already-stolen data is stored and traded, rather than the active source of fresh compromise it once represented.
Hackers are instead targeting live victims directly. Phishing campaigns use fraudulent emails and messages to trick employees into surrendering passwords, login credentials, and confidential business data. Vishing, or voice phishing, involves attackers calling employees while impersonating IT support staff or trusted colleagues, manipulating them into disclosing sensitive information in real time. Data brokers and criminal groups have become highly skilled at exploiting human psychology, and information obtained through these methods is sold on underground forums where it is used to access corporate networks.
Several high-profile incidents illustrate how effective these tactics have become. Jaguar Land Rover reportedly suffered losses after criminal groups Scattered Spider and ShinyHunters gained access through social engineering in 2025. British retailer Marks and Spencer was targeted by attackers who impersonated IT support staff to extract critical credentials. Casino operators Caesars Palace and MGM Resorts International also faced social engineering attacks that exposed sensitive business information.
Security experts warn that as technical defenses improve, human error remains the most exploitable vulnerability. Organizations must invest in employee awareness training, stronger authentication, and continuous monitoring to reduce exposure.
