Report: Phishing Has Surged 400% Year-Over-Year

KnowBe4 Team | Dec 10, 2025

Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts.

“The company tracked a 400% year-over-year increase in successfully phished identities, with nearly 40% of the 28+ million recaptured phished records containing a business email address – compared to just 11.5% in recaptured malware data,” the researchers write. “The result is a warning to enterprises that their workforce is three times more likely to be targeted with phishing attacks than infostealer malware.”

The researchers warn that these findings show that attackers are increasingly using phishing as an initial access vector into corporate networks.

“The findings reinforce a growing shift in cybercriminals’ strategy: phishing is now the preferred gateway into enterprise environments, and SpyCloud sees this trend continuing in 2026,” SpyCloud says.

“Threat actors are using this access as a launchpad for follow-on attacks, with SpyCloud reporting in its 2025 Identity Threat Report that phishing is now the leading entry point for ransomware, accounting for 35% of all ransomware infections.”

Trevor Hilligoss, SpyCloud’s Head of Security Research, said in a statement, “Phishing is now one of the most scalable tools cybercriminals use to breach enterprise environments.

“Cybercrime enablement services, like phishing-as-a-service kits that automate convincing lures and adversary-in-the-middle tactics that capture MFA tokens and session cookies, put advanced tactics into the hands of low-skilled actors, making it easier than ever to compromise users at scale.”

AI-powered security awareness training can give your organization an essential layer of defense against phishing and other social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

SpyCloud has the story.

