Research says Phishing overtakes Dark Web as primary source of stolen Personal Information
Research says Phishing overtakes Dark Web as primary source of stolen Personal Information
Publish Date: 2026-06-08 01:54:00
Source Domain: www.cybersecurity-insiders.com
For years, the Dark Web has been regarded as the primary marketplace for stolen personal and corporate information. Cybercriminals frequently relied on underground forums and marketplaces to buy and sell sensitive data obtained from previous breaches. However, recent findings suggest that the cybercrime landscape is undergoing a significant shift.
According to the 2026 Enterprise Social Engineering Report compiled by Optery, phishing and other social engineering techniques have now emerged as the leading methods used by hackers to obtain valuable information, pushing the Dark Web into a secondary role.
The report, which gathered insights from more than 420 cybersecurity leaders across various industries, highlights growing concerns about the security of employee information. Surprisingly, only 4 percent of respondents expressed confidence that their employees’ personal data—including phone numbers, residential addresses, and details about family members—was adequately protected from cybercriminals.
The remaining 96 percent admitted uncertainty regarding their organizations’ ability to defend against increasingly sophisticated cyberattacks. Many cybersecurity professionals interviewed for the report suggested that the Dark Web now serves more as a repository or “information dumpster” where previously stolen data is stored and traded. While the information remains valuable, hackers are increasingly focusing on acquiring fresh and actionable data directly from victims through deception rather than relying solely on historical data breaches.
One of the most effective methods being used today is social engineering, particularly phishing and vishing attacks. In phishing campaigns, cybercriminals send fraudulent emails or messages designed to trick employees into revealing passwords, login credentials, or confidential business information. Vishing, or voice phishing, involves attackers impersonating trusted individuals over phone…
