AUSTIN, TX – May 7, 2025 (Cyber Newswire) – SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million phished data records recaptured from the criminal underground over the last six months. Phishing attacks have been growing in scale and sophistication, and SpyCloud’s research reveals that cybercriminals are increasingly targeting high-value identity data that can be used for follow-on attacks like ransomware, account takeover, and fraud.
While the data reflects only a snapshot of the phishing threat landscape, it provides valuable insights for organizations seeking to bolster defenses, enhance user training, and prevent identity-based attacks.
Key findings from SpyCloud’s analysis of phished data include:
- 94% of Fortune 50 companies have employee identity data exposed as a consequence of phishing attacks.
- 81% of these records contain email addresses, 42% include IP addresses, and 31% include user-agent information identifying device and browser details.
- The top impersonated industries in phishing campaigns include: telecommunications, IT, and financial services.
- Two thirds of the 5.5 million records contained credentials, financial information, or visitor metadata, while 37% came from email targeting lists (a collection of addresses selected for phishing attempts, not necessarily resulting in compromise).
Phishing attacks are on the rise – not because organizations lack defenses, but because cybercriminals are modernizing their tactics, evolving phishing campaigns into industrial scale operations with phishing-as-a-service (PhaaS) platforms and AI. With the ability to automate the creation of sophisticated phishing kits, threat actors can more easily harvest credentials and 2FA codes, distribute phishing links via QR codes, and bypass CAPTCHAs to avoid detection.
SpyCloud will dive deeper into these findings during its upcoming webinar on Thursday, May 15, Phish Happens: What Recaptured Data Reveals About the Industrialization of Phishing. Organizations interested in detecting and disrupting phishing-related identity exposures before they escalate are invited to register here.
About SpyCloud
SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations. SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include seven of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.
To learn more and see insights on users’ companies’ exposed data, users can visit spycloud.com.
