More Sophisticated Phishing Tactics Are Increasing Cyber Risks

There is an alarming trend in cybersecurity in which more than 90 percent of phishing campaigns result in victims' devices being infected with malware.

Phishing is a type of cyber-attack where attackers disguise themselves as trustworthy entities to trick individuals into revealing sensitive information, such as passwords, credit card numbers, or other personal data. This is typically done through deceptive emails, websites, or text messages that appear legitimate.

The 90 percent figure is based on data collected from various cybersecurity studies and reports. These studies analyze the outcomes of phishing attacks and the types of malware delivered through these campaigns.

Phishing has become one of the most prevalent forms of cyber-attacks, with attackers constantly evolving their methods to bypass security measures.

Many individuals and organizations do not have adequate security measures in place to detect and prevent phishing attacks. The gaps include a lack of employee training, outdated security software, and insufficient monitoring of suspicious activities.

The malware delivered through phishing campaigns can vary, including ransomware, spyware, and trojans, all of which can have devastating effects on the victim's data and systems.

Commentary

According to the FBI's Internet Crime Complaint Center (IC3), phishing (including email and social media scams) is the most reported cybercrime category.

In 2022, the IC3 received over 300,000 phishing complaints, leading to significant financial losses. The Anti-Phishing Working Group (APWG) observed nearly five million phishing attacks in 2023, marking the worst year on record.

Additionally, Kaspersky's anti-phishing systems blocked over 700 million phishing attempts in 2023, a 40 percent increase from the previous year.

Phishing trends indicate a continuous rise in attack volumes, with attackers employing more sophisticated tactics such as multi-factor authentication (MFA) bypass and QR-code phishing.

Organizations are frequently targeted, with 94 percent of them experiencing phishing attacks in 2023.

The final takeaway is that the prevalence of phishing underscores the need for robust security measures, ongoing knowledge of types of scams, and vigilance to protect against these threats.

Sources: https://www.securitymagazine.com/articles/101115-over-90-of-phishing-campaigns-lead-victims-to-malware and https://controld.com/blog/phishing-statistics-industry-trends/  

Here is a checklist on common phishing scams:

  • Unsolicited emails (a/k/a phishing), texts (a/k/a smishing), or messages that appear to be from a legitimate source and that contain:
    • Demands for private information/credentials/personal identifiers
    • Offers of money or valuables in exchange for private information/credentials/personal identifiers
    • Demands to perform an action and/or select a link/attachment
    • Threats made unless an action is taken and/or a link/attachment is selected
  • Unsolicited emails, texts, or messages offering deals/goods/money
  • Emails requesting consideration for employment
  • Unsolicited responses to offers of employment with attachments/links
  • Online messages purporting to be from employees/contractors/agents/vendors requesting changes to direct deposit/transfer/wire instructions
  • Online messages from public entities/law enforcement threatening fines/penalties/incarceration
  • Targeted online messages to a person/organization using familiar information/tone/language demanding unsolicited/unusual action or altering previously agreed instructions (a/k/a spear phishing or whale phishing)
  • Routine online messages that have added links or attachments or have replaced/altered the routine links/attachments (a/k/a clone phishing)
  • Links to imitation websites that request/demand private information/credentials/personal identifiers
  • Imitation/fraudulent notifications/ads on legitimate websites/browsers (a/k/a pop-up phishing)
  • Imitation/fraudulent social media notices or posts that request/demand private information/credentials/personal identifiers (a/k/a angler phishing)
  • Voice calls imitating legitimate persons/organizations/agencies requesting/demanding private information/credentials/personal identifiers (a/k/a vishing)