Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - Social Engineering - Americans are ignoring scam calls, but phishing emails still fool many
Social Engineering Attacks Latest News News & Analysis Study & Research

Americans are ignoring scam calls, but phishing emails still fool many

Kirsten DoyleBy Kirsten DoyleJuly 15, 20266 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
Americans are ignoring scam calls
Share
Facebook Twitter LinkedIn Email Copy Link
AI Summary

Americans are becoming more effective at avoiding spam calls and texts, but new research suggests that the strategy comes with an unexpected cost.

Forty percent of respondents identified phishing emails as the most convincing spam format, ahead of spam text messages (21%), social media direct messages (20%), robocalls (10%), and messaging apps (9%). .

She says what stands out in this data is that people know cybercrime is exploding, but their everyday defences are still built around suspicion and guesswork. “If 40% of Americans say phishing emails are the most convincing spam format, and 32% say they are the most likely to trigger accidental engagement, that tells us the inbox is still one of the easiest places to convert trust into compromise.”.

Basic summary
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

Americans are becoming more effective at avoiding spam calls and texts, but new research suggests that the strategy comes with an unexpected cost.

A new survey of 1,000 Americans from privacy company Cloaked, revealed that two-thirds of respondents have missed an important phone call because they ignored an unknown number. One in three have missed a call from a doctor, hospital, or healthcare provider, while others report missing calls from employers, pharmacies, financial institutions, government agencies, and even family emergencies. 

The findings come at a time when cybercrime losses have hit a new all-time high. According to the FBI’s Internet Crime Complaint Center (IC3), losses recorded in 2025 stood at $20.9 billion. This was the first time that annual losses crossed the $20 billion mark. More than a million complaints were registered that year, averaging about 3,000 per day.

Americans simply don’t answer unknown numbers anymore

The survey shows that avoiding unfamiliar phone numbers has become the norm rather than the exception.

Around eight in ten Americans say they rarely or never answer calls or texts from numbers they don’t recognize. More than a quarter never answer unknown calls at all, while others send them to voicemail, assume they’re spam, or screen them before deciding whether to respond. On average, respondents reported receiving 16 spam calls and nine spam texts every month. 

Those habits are causing many Americans to miss legitimate calls. Sixty-six percent of respondents said that they have missed an important call because they screened calls from unknown numbers. The most frequently missed legitimate callers were healthcare professionals, followed by employers, pharmacies, insurers, banks, government bodies, and family emergencies.

Phishing emails are considered the most convincing attack

While robocalls remain the most irritating form of spam, phishing emails emerged as the communication people are most likely to believe.

Forty percent of respondents identified phishing emails as the most convincing spam format, ahead of spam text messages (21%), social media direct messages (20%), robocalls (10%), and messaging apps (9%). 

Phishing emails also ranked as the attack people are most likely to engage with accidentally. Nearly one-third of respondents said emails present the highest risk of an unintended click or response, followed by social media messages, spam texts, robocalls, and messaging apps. 

The findings suggest that while consumers have become highly skeptical of unexpected phone calls, email keeps on giving attackers an opportunity to exploit there trust to gain access to personal accounts and information.

Trust in organisations handling personal data remains low

The research also highlights widespread skepticism about who should be trusted with personal phone data.

Forty-two percent of respondents said they don’t trust any of the major phone carriers, technology companies, or government agencies included in the survey to handle their phone information responsibly. 

Among those that did inspire confidence, the Do Not Call Registry ranked highest, followed by Verizon, the federal government, the FCC, and Apple, although each was trusted by only a relatively small share of respondents. 

Consumers are divided on identity verification

Despite their privacy concerns, some respondents indicated they would exchange personal information for fewer spam calls.

Thirty-six percent said they would opt into a system allowing their phone carrier to share their identity with a federal database if it reduced spam calls by 80%.

Support increases as the promised reduction improves. If spam could be reduced by 95%, 42% would share a government-issued ID. However, one-quarter of respondents said they would refuse to share any personal information regardless of how effective the system proved to be. 

Generational differences also emerged. Gen Z respondents were the most willing to participate in identity verification programmes, while Baby Boomers were the least willing. 

Americans are changing how they share phone numbers

Consumers are also becoming more selective about where they provide their real phone numbers.

More than half refuse to share their number on social media, while many avoid providing it for online shopping, dating apps, loyalty programmes, LinkedIn, travel bookings, or financial services. Eleven percent report using burner numbers specifically to reduce spam. 

When it comes to protecting themselves, enabling carrier spam filtering was the most common defence, followed by limiting where phone numbers are shared, registering with the Do Not Call Registry, reporting spam, and using call-blocking applications. 

Phishing has become an identity and infrastructure problem

Katherine Obermeyer, Consumer Education at Cloaked, says: “The mistake is treating phishing as an awareness problem. In 2026, phishing has become an identity and infrastructure problem. Attackers can now use AI to mimic tone, timing, branding, and urgency well enough to make a normal person click a malicious link. 

“Many breaches still begin with something very small: one credential entered into the wrong page, one fake invoice approved, or one employee trusting a message that looks like it came from an authentic system.”

Defences are still built around guesswork

She says what stands out in this data is that people know cybercrime is exploding, but their everyday defences are still built around suspicion and guesswork. “If 40% of Americans say phishing emails are the most convincing spam format, and 32% say they are the most likely to trigger accidental engagement, that tells us the inbox is still one of the easiest places to convert trust into compromise.”

This is especially relevant as AI-powered attacks scale because the attacker’s job is to fool the right person at the right time, Obermeyer explains. “Security teams should assume some users will engage and design controls that make a single mistake survivable.”

Living in a constant stream of suspicious emails, texts, calls, and DMs

Obermeyer adds: “The $20.9 billion in reported cybercrime losses is both a financial milestone and a signal that traditional defenses are being overwhelmed by volume. Nearly 3,000 complaints a day means users are living in a constant stream of suspicious emails, texts, calls, and DMs, and that fatigue creates opportunity for attackers. Phishing sits underneath supply chain breaches, zero-days, AI-driven threats, and identity security because it is often the bridge between the human target and the technical compromise.”

In the end, she says organisations should stop relying on perfect user judgment and start limiting the amount of personal data and credential exposure attackers can weaponise to begin with.

Kirsten Doyle
Kirsten Doyle
Information Security Buzz News Editor

Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.

  • Kirsten Doyle
    Sysdig uncovers first documented agentic ransomware operation
  • Kirsten Doyle
    AI-assisted software engineering is creating a new delivery paradox
  • Kirsten Doyle
    Klue supply chain breach exposes Salesforce data at several security firms
  • Kirsten Doyle
    AI-Powered Attacks Become Top Concern for Security Professionals, New Filigran Survey Reveals

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Ad Fraud is Much More Than a Marketing Problem

March 6, 20265 Mins Read

AI Is Making Social Engineering Harder to Detect—But We’re Still Training People Like It’s 2015

March 5, 20266 Mins Read

Sextortion and the Psychology of Fear: How Scammers Are Targeting Teenagers

January 28, 20268 Mins Read
ISB-Bora-Side-Bar

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}