SpyCloud data shows 400% surge in corporate phishing

New data from SpyCloud reveals a dramatic surge in phishing attacks specifically aimed at corporate employees, signaling a significant strategic shift among cybercriminals, according to Security Boulevard.  

The company reports a 400% year-over-year increase in successfully phished identities, with business email addresses found in nearly 40% of recaptured records, making the workforce three times more likely to be phished than infected by malware. According to SpyCloud's 2025 Identity Threat Report, phishing is now the leading entry point for ransomware, responsible for 35% of infections.

Trevor Hilligoss, Head of Security Research at SpyCloud, attributes this scale to "cybercrime enablement services," such as phishing-as-a-service kits, which automate convincing lures and sophisticated tactics like capturing MFA tokens. While malware remains a threat, with nearly half of corporate users having a history of infostealer infection, the blurred line between personal and professional digital identities amplifies the risk.

Damon Fleury, SpyCloud's Chief Product Officer, argues that traditional preventive measures are insufficient and that security teams require "real-time visibility and post-compromise remediation" to neutralize stolen credentials before they are weaponized for follow-on attacks like fraud and account takeover.