Report: Phishing Has Surged 400% Year-Over-Year - KnowBe4

Security Awareness Training Blog Report: Phishing Has Surged 400% Year-Over-Year KnowBe4 Team | Dec 10, 2025 Share Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts. “The company tracked a 400% year-over-year increase in successfully phished identities, with nearly 40% of the 28+ million recaptured phished records containing a business email address – compared to just 11.5% in recaptured malware data,” the researchers write. “The result is a warning to enterprises that their workforce is three times more likely to be targeted with phishing attacks than infostealer malware.” The researchers warn that these findings show that attackers are increasingly using phishing as an initial access vector into corporate networks. “The findings reinforce a growing shift in cybercriminals’ strategy: phishing is now the preferred gateway into enterprise environments, and SpyCloud sees this trend continuing in 2026,” SpyCloud says. “Threat actors are using this access as a launchpad for follow-on attacks, with SpyCloud reporting in its 2025 Identity Threat Report that phishing is now the leading entry point for ransomware, accounting for 35% of all ransomware infections.” Trevor Hilligoss, SpyCloud’s Head of Security Research, said in a statement, “Phishing is now one of the most scalable tools cybercriminals use to breach enterprise environments. “Cybercrime enablement services, like phishing-as-a-service kits that automate convincing lures and adversary-in-the-middle tactics that capture MFA tokens and session cookies, put advanced tactics into the hands of low-skilled actors, making it easier than ever to compromise users at scale.” AI-powered security awareness training can give your organization an essential layer of defense against phishing and other social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk. SpyCloud has the story.   Return To KnowBe4 Security Blog See KnowBe4 Cloud Email Security in Action Request a personalized demo today to see how KnowBe4's Cloud Email Security products will enhance your email security. Request a Demo Topics: Social Engineering, Phishing, Human Risk Management ABOUT KNOWBE4 TEAM The KnowBe4 Team delivers timely, expert-driven insights on cybersecurity trends, emerging threat intelligence, human risk best practices, compliance strategies and industry research to help organizations strengthen their human defense layer and stay informed, resilient, and secure. Read more from KnowBe4 » Subscribe to Our Blog Email* Notification Frequency* Instant Daily Weekly Monthly Security Awareness Training Blog RSS Feed All Posts Posts by Tag Phishing (2436) Security Awareness Training (1713) Social Engineering (1336) Ransomware (944) KnowBe4 (917) See all Posts By Topic Phishing (2436) Security Awareness Training (1713) Social Engineering (1336) Ransomware (944) KnowBe4 (917) Security Culture (626) View All Search Our Blog Get the latest insights, trends and security news. Subscribe to CyberheistNews.