{"id":15270,"date":"2025-12-05T06:45:43","date_gmt":"2025-12-05T06:45:43","guid":{"rendered":"https:\/\/newestek.com\/?p=15270"},"modified":"2025-12-05T06:45:43","modified_gmt":"2025-12-05T06:45:43","slug":"spycloud-data-shows-corporate-users-3x-more-likely-to-be-targeted-by-phishing-than-by-malware","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15270","title":{"rendered":"SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures.<\/strong><\/p>\n

SpyCloud<\/a>, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully phished identities, with nearly 40% of the 28+ million recaptured phished records containing a business email address \u2013 compared to just 11.5% in recaptured malware data. The result is a warning to enterprises that their workforce is three times more likely to be targeted with phishing attacks than infostealer malware.\u00a0<\/p>\n

The findings reinforce a growing shift in cybercriminals\u2019 strategy: phishing is now the preferred gateway into enterprise environments, and SpyCloud sees this trend continuing in 2026<\/a>. Threat actors are using this access as a launchpad for follow-on attacks, with SpyCloud reporting in its 2025 Identity Threat Report<\/a> that phishing is now the leading entry point for ransomware, accounting for 35% of all ransomware infections.\u00a0<\/p>\n

\u201cPhishing is now one of the most scalable tools cybercriminals use to breach enterprise environments,\u201d said Trevor Hilligoss, SpyCloud\u2019s Head of Security Research. \u201cCybercrime enablement services, like phishing-as-a-service kits that automate convincing lures and adversary-in-the-middle tactics that capture MFA tokens and session cookies, put advanced tactics into the hands of low-skilled actors, making it easier than ever to compromise users at scale. SpyCloud\u2019s visibility into these campaigns gives organizations a critical edge, helping them detect who\u2019s been targeted and what data has been exposed, and remediate those credentials before they can be weaponized.\u201d<\/p>\n

SpyCloud is the only provider recapturing and automatically remediating successfully phished identity data and targeting lists at scale before follow-on attacks like ransomware, fraud, and account takeover can occur.<\/p>\n

\u201cMany organizations rely on traditional defenses like email filtering, endpoint protection, and employee education to stop phishing and malware attempts, but those tools only go so far,\u201d said Damon Fleury, SpyCloud\u2019s Chief Product Officer. \u201cAttackers are still getting through \u2013 and when they do, it\u2019s the exposed identity data that enables further harm. Security teams need to be vigilant about what\u2019s already been compromised and circulating in the criminal underground. Prevention is important, but without real-time visibility and post-compromise remediation, it\u2019s not enough.\u201d<\/p>\n

While phishing has become a dominant entry point, malware remains a critical threat vector. In the age of remote work and bring-your-own-device policies, personal exposures are increasingly used to compromise enterprise environments. A recent example is the 2025 Nikkei breach<\/a>, where malware on a personal device led to the compromise of sensitive corporate data. Despite only 11.5% of recaptured malware infections exfiltrating business email addresses directly, SpyCloud data shows that nearly 1 in 2 corporate users<\/a> have been the victim of an infostealer malware infection in their digital history, whether that be on a managed or unmanaged device \u2013 a strong indicator that threat actors are moving laterally from personal to corporate accounts.<\/p>\n

\u201cProtecting the enterprise means looking beyond corporate accounts,\u201d Fleury added. \u201cDue to the continuous reuse of passwords and shared identity data across work and personal accounts like mobile numbers, the line between a user\u2019s personal digital history and their professional access effectively no longer exists. That\u2019s why it\u2019s essential to monitor and remediate exposures across the full spectrum of an individual\u2019s digital identity \u2013 personal and professional.\u201d<\/p>\n

SpyCloud is the leader in holistic identity protection, detecting and protecting organizations from the phishing, malware, and breach exposures of employees, contractors, and vendors across personal and professional identities. Users can click here<\/a> to learn more.<\/p>\n

About SpyCloud:<\/strong><\/p>\n

SpyCloud<\/a> transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics and AI to proactively prevent ransomware and account takeover, detect insider threats, safeguard employee and consumer identities, and accelerate cybercrime investigations. SpyCloud\u2019s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.<\/p>\n

To learn more and see insights on their company\u2019s exposed data, users can visit spycloud.com<\/a>.<\/p>\n

Contact<\/strong><\/h5>\n

Sr. Account Director<\/strong><\/p>\n

Emily Brown<\/strong><\/p>\n

REQ on behalf of SpyCloud<\/strong><\/p>\n

spycloud@req.co<\/strong><\/p>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully phished identities, with nearly 40% of the 28+ million recaptured phished records containing a business email address \u2013 compared to… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15270","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15270"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15270\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}