Cyber attack
Phishing
Social engineering

Your employees pass the phishing test. 87.5% still fall for the attack.

Adding a single channel to a phishing attack multiplies the failure rate by six. That is what most security awareness programs are not measuring — and it is the gap where coordinated attacks succeed. This post argues that single-vector simulation produces readiness data that does not map to how attacks actually land, and examines what a testing methodology built for this reality looks like.

15% of employees fail a standard phishing simulation. Add a vishing call that references that email, and the failure rate climbs to 87.5%.

The second number is not the problem. The problem is that most security awareness programs only measure the first one.

Coordinated attacks that sequence multiple channels — phishing, vishing, chat confirmation — are not an emerging trend. They are the current operational standard for any targeted campaign. And the simulation model most security training is built around was not designed to replicate them.

The gap between how your simulations test employee judgment and how coordinated attacks actually reach them is where readiness data becomes unreliable. Understanding that gap does not require replacing your current program. It requires being precise about what your current program can and cannot measure.

The attack that starts harmlessly

A multi-vector attack does not begin with the most dangerous request. It begins with the most credible one.

A typical sequence looks like this: a phishing email arrives from an address that appears to belong to a trusted vendor. The email asks for confirmation of invoice details — nothing unusual. Two hours later, a phone call references the email by name and by content. The voice on the call explains there is a processing deadline. A follow-up message arrives over Teams or Slack, from a profile that appears to belong to an IT colleague, confirming the urgency.

At each stage, the attack is using the previous touchpoint to establish credibility for the next one. The phishing email primes the employee to expect the call. The call validates the email. The chat message confirms both. By the third touchpoint, the employee is not evaluating a threat — they are completing a process that began two steps ago.

This sequencing strategy is not new. What has changed is the ease and scale at which it can be deployed.

Vishing attacks increased 442% between H1 and H2 2024 (Keepnet Labs, 2025). AI-powered spear phishing now achieves a 54% click rate in controlled testing, compared to 12% for traditional campaigns (Brightside AI, 2025). The coordination cost that once made multi-vector attacks operationally complex has largely disappeared.

What your click rate isn't telling you

Standard phishing simulation tests one capability: can this employee identify a suspicious email when it arrives in isolation, under no social pressure, with no prior context?

That is a useful capability to develop. It is not the only one that matters under coordinated attack conditions.

Zepo Intelligence research found that phishing alone produced a 15% failure rate among tested employee populations. When the same phishing email was followed by an AI-generated vishing call that referenced it, the failure rate rose to 87.5% — a sixfold increase from adding a single additional channel.

The employees who failed in the combined scenario were not less informed than those who succeeded in the single-vector test. They were exposed to a different type of pressure: the accumulated credibility of a sequence that had already started to feel legitimate before the most dangerous request arrived.

Single-vector simulation cannot produce readiness data for that scenario because it tests a fundamentally different cognitive condition. The employee in a standard phishing simulation is evaluating a single data point. The employee in a multi-vector scenario is managing a process they believe they are already partway through completing.

AI eliminated the signals you taught people to detect

AI-generated content has removed the surface signals that single-vector training was originally designed to catch.

Traditional phishing detection training taught employees to look for grammatical errors, generic greetings, and mismatched sender addresses. AI-generated phishing emails now produce content that is grammatically clean, tonally appropriate, and contextually specific to the recipient. 82.6% of phishing emails in 2025 contained AI-generated content.

More significantly, AI has enabled attackers to personalize multi-vector sequences at scale. A voice cloned from three seconds of public audio can be used in a vishing call that sounds precisely like the employee's manager. A phishing email can be written in the style of a vendor the organization has been corresponding with for years.

The signals that single-vector training prepared employees to recognize have been systematically reduced. What remains is a judgment call about process and protocol — the kind of judgment that develops through exposure to coordinated scenarios, not through isolated template recognition.

You're measuring the right thing in the wrong conditions

The core problem with single-vector simulation is not that it tests the wrong skill. It is that it tests the right skill in the wrong conditions and uses the results to draw conclusions about a different set of conditions.

A click rate measures whether an employee can identify an attack signal in isolation. That is a different measurement from how an employee's judgment holds when they have already been primed by a prior touchpoint, under time pressure, with the request appearing to come from multiple credible sources simultaneously.

Organizations that optimize their security programs around click rate reduction are improving a metric with limited predictive value for the incidents that now matter most. Not because click rate is irrelevant — it is a reasonable leading indicator. But it was designed for a threat environment where attacks arrived as single events rather than coordinated sequences.

The right unit of measurement is not "did the employee click on this email?" It is "how does this employee's judgment hold when they have already been primed by a previous touchpoint?" These are different capabilities, and they require different testing to surface.

Three questions your current program probably can't answer

For security leaders evaluating their current programs, the multi-vector reality points to a few specific questions worth working through.

The first is whether your simulation design reflects how attacks are actually arriving. A simulation library built from generic single-channel templates tests for recognition of signals that AI-generated content is specifically designed to eliminate. Simulations built from real attack patterns — including the actual sequences detected targeting your organization — produce more relevant behavioral data.

The second is whether your measurement framework captures judgment under combined pressure. Aggregate click rates average out the population and mask the specific roles, teams, and workflow contexts where sequenced attack pressure is most likely to succeed. Behavioral profiling at a more granular level identifies where organizational exposure actually concentrates, before an attacker finds it.

The third is whether your program adapts continuously. A simulation library that reflects what attackers were doing last year is not the same as one that reflects what is targeting your organization this week. The connection between what your gateway detects and what your training addresses is the infrastructure question that determines whether your readiness data stays current or drifts.
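The measurement argument above, and the second question in particular, can be made concrete by scoring a sequenced simulation per touchpoint rather than by a single click rate. The following is an added illustration, not the post's own tooling or data: it assumes an email, then voice, then chat sequence, records for each employee the first stage at which they complied, and computes conditional per-stage rates, the cumulative rate across the sequence, and a per-team breakdown so the aggregate cannot hide where exposure concentrates. The sample results are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Ordered touchpoints of the simulated sequence (assumed order, following the post's narrative).
STAGES = ("email", "voice", "chat")


@dataclass(frozen=True)
class Outcome:
    employee: str
    team: str
    failed_at: Optional[str]  # first stage where the employee complied; None = held at all three


def _check(outcomes):
    if not outcomes:
        raise ValueError("no simulation results to score")
    for o in outcomes:
        if o.failed_at is not None and o.failed_at not in STAGES:
            raise ValueError(f"unknown stage {o.failed_at!r} for {o.employee}")


def stage_rates(outcomes):
    """Conditional failure rate per stage: of those who reached it, the share who failed there.
    An employee who complied at an earlier touchpoint never reaches the later ones."""
    _check(outcomes)
    failed = Counter(o.failed_at for o in outcomes if o.failed_at)
    reached, rates = len(outcomes), {}
    for stage in STAGES:
        rates[stage] = (reached, failed[stage], failed[stage] / reached if reached else 0.0)
        reached -= failed[stage]
    return rates


def cumulative_rate(outcomes):
    """Share who complied at any stage: the number a single-channel test never produces."""
    _check(outcomes)
    return sum(1 for o in outcomes if o.failed_at) / len(outcomes)


def rate_by_team(outcomes):
    """Cumulative failure rate per team, so the population average cannot mask a weak spot."""
    _check(outcomes)
    total, failed = Counter(), Counter()
    for o in outcomes:
        total[o.team] += 1
        failed[o.team] += int(o.failed_at is not None)
    return {t: failed[t] / total[t] for t in total}


# Constructed sample results (hypothetical; not data from any real campaign).
SAMPLE = [
    Outcome("e01", "finance", "email"), Outcome("e02", "finance", "voice"),
    Outcome("e03", "finance", "voice"), Outcome("e04", "finance", "chat"),
    Outcome("e05", "it", None),         Outcome("e06", "it", "voice"),
    Outcome("e07", "hr", "voice"),      Outcome("e08", "hr", "voice"),
]
```

On the constructed sample the email-only rate is 12.5% while the cumulative rate across the sequence is 87.5%, and the per-team view shows the exposure is not evenly spread.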

Conclusion

Multi-vector attacks are not a new phenomenon. The sequencing strategy has been a feature of sophisticated social engineering for decades. What has changed is that AI has made this strategy operationally accessible at a scale that previously required significant resources and planning.

The security awareness programs most organizations are running were not designed for this. That is not a criticism. They were designed for a different threat environment, and many elements of them remain valid. The gap worth closing is specific: the testing methodology that underpins most programs measures a single-channel capability and uses it to draw conclusions about organizational readiness for multi-channel pressure.

Closing that gap requires two things working together. First, simulations that replicate the actual sequence of how coordinated attacks land — across email, voice, and chat — not just one channel in isolation. Second, a direct connection between what your detection layer is seeing and what your training program is running. When those two systems share data, every real attack targeting your organization becomes input for the next simulation. Readiness stops being a calendar exercise and becomes a continuous response to the threat environment as it actually exists.

The question most security programs are built around is whether employees can spot a suspicious email.

The question that matters is whether their judgment holds when the attack has already been underway for two steps.
