THE Unit 42 piece argues that phishing remains a persistent issue in 2026, evolving rather than disappearing, with the human element at the core of most successful intrusions. It outlines three stages of a phishing attack—The Bait, The Hook, and The Catch—revealing how attackers tailor messages to attract, engage and prompt action from victims.
Unit 42 identifies three prevalent social engineering techniques, namely Urgency and Fear, Authority and Trust (often aided by AI deepfakes), and Distraction, which together exploit cognitive biases and everyday behaviours. According to CISA, phishing emails are associated with more than 90% of successful cyberattacks, a figure the article notes alongside rising monetary losses despite a slight overall drop in phishing frequencies.
The piece also highlights how overconfidence and the illusion of control can create dangerous blind spots, with insights from Lisa Plaggemier and Sama Manchanda on exploiting the human psyche to bypass technical controls. Published: 3 February 2026.