Americans are becoming more effective at avoiding spam calls and texts, but new research suggests that the strategy comes with an unexpected cost.
A new survey of 1,000 Americans from privacy company Cloaked, revealed that two-thirds of respondents have missed an important phone call because they ignored an unknown number. One in three have missed a call from a doctor, hospital, or healthcare provider, while others report missing calls from employers, pharmacies, financial institutions, government agencies, and even family emergencies.
The findings come at a time when cybercrime losses have hit a new all-time high. According to the FBI’s Internet Crime Complaint Center (IC3), losses recorded in 2025 stood at $20.9 billion. This was the first time that annual losses crossed the $20 billion mark. More than a million complaints were registered that year, averaging about 3,000 per day.
Americans simply don’t answer unknown numbers anymore
The survey shows that avoiding unfamiliar phone numbers has become the norm rather than the exception.
Around eight in ten Americans say they rarely or never answer calls or texts from numbers they don’t recognize. More than a quarter never answer unknown calls at all, while others send them to voicemail, assume they’re spam, or screen them before deciding whether to respond. On average, respondents reported receiving 16 spam calls and nine spam texts every month.
Those habits are causing many Americans to miss legitimate calls. Sixty-six percent of respondents said that they have missed an important call because they screened calls from unknown numbers. The most frequently missed legitimate callers were healthcare professionals, followed by employers, pharmacies, insurers, banks, government bodies, and family emergencies.
Phishing emails are considered the most convincing attack
While robocalls remain the most irritating form of spam, phishing emails emerged as the communication people are most likely to believe.
Forty percent of respondents identified phishing emails as the most convincing spam format, ahead of spam text messages (21%), social media direct messages (20%), robocalls (10%), and messaging apps (9%).
Phishing emails also ranked as the attack people are most likely to engage with accidentally. Nearly one-third of respondents said emails present the highest risk of an unintended click or response, followed by social media messages, spam texts, robocalls, and messaging apps.
The findings suggest that while consumers have become highly skeptical of unexpected phone calls, email keeps on giving attackers an opportunity to exploit there trust to gain access to personal accounts and information.
Trust in organisations handling personal data remains low
The research also highlights widespread skepticism about who should be trusted with personal phone data.
Forty-two percent of respondents said they don’t trust any of the major phone carriers, technology companies, or government agencies included in the survey to handle their phone information responsibly.
Among those that did inspire confidence, the Do Not Call Registry ranked highest, followed by Verizon, the federal government, the FCC, and Apple, although each was trusted by only a relatively small share of respondents.
Consumers are divided on identity verification
Despite their privacy concerns, some respondents indicated they would exchange personal information for fewer spam calls.
Thirty-six percent said they would opt into a system allowing their phone carrier to share their identity with a federal database if it reduced spam calls by 80%.
Support increases as the promised reduction improves. If spam could be reduced by 95%, 42% would share a government-issued ID. However, one-quarter of respondents said they would refuse to share any personal information regardless of how effective the system proved to be.
Generational differences also emerged. Gen Z respondents were the most willing to participate in identity verification programmes, while Baby Boomers were the least willing.
Americans are changing how they share phone numbers
Consumers are also becoming more selective about where they provide their real phone numbers.
More than half refuse to share their number on social media, while many avoid providing it for online shopping, dating apps, loyalty programmes, LinkedIn, travel bookings, or financial services. Eleven percent report using burner numbers specifically to reduce spam.
When it comes to protecting themselves, enabling carrier spam filtering was the most common defence, followed by limiting where phone numbers are shared, registering with the Do Not Call Registry, reporting spam, and using call-blocking applications.
Phishing has become an identity and infrastructure problem
Katherine Obermeyer, Consumer Education at Cloaked, says: “The mistake is treating phishing as an awareness problem. In 2026, phishing has become an identity and infrastructure problem. Attackers can now use AI to mimic tone, timing, branding, and urgency well enough to make a normal person click a malicious link.
“Many breaches still begin with something very small: one credential entered into the wrong page, one fake invoice approved, or one employee trusting a message that looks like it came from an authentic system.”
Defences are still built around guesswork
She says what stands out in this data is that people know cybercrime is exploding, but their everyday defences are still built around suspicion and guesswork. “If 40% of Americans say phishing emails are the most convincing spam format, and 32% say they are the most likely to trigger accidental engagement, that tells us the inbox is still one of the easiest places to convert trust into compromise.”
This is especially relevant as AI-powered attacks scale because the attacker’s job is to fool the right person at the right time, Obermeyer explains. “Security teams should assume some users will engage and design controls that make a single mistake survivable.”
Living in a constant stream of suspicious emails, texts, calls, and DMs
Obermeyer adds: “The $20.9 billion in reported cybercrime losses is both a financial milestone and a signal that traditional defenses are being overwhelmed by volume. Nearly 3,000 complaints a day means users are living in a constant stream of suspicious emails, texts, calls, and DMs, and that fatigue creates opportunity for attackers. Phishing sits underneath supply chain breaches, zero-days, AI-driven threats, and identity security because it is often the bridge between the human target and the technical compromise.”
In the end, she says organisations should stop relying on perfect user judgment and start limiting the amount of personal data and credential exposure attackers can weaponise to begin with.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.


