Cybercriminals Are Getting Smarter About Phishing—and CEOs Are on the Hook

Phishing scams are evolving fast, with attackers using both mass campaigns and laser-focused tactics to go after high-value corporate targets.

Cybersecurity researchers in Russia are sounding the alarm on the rising sophistication of phishing attacks. According to Irina Zinovkina, head of analytical research at Positive Technologies, phishing today falls into two major categories: mass and targeted.

Mass phishing remains the most widespread method. Hackers impersonate trusted brands—think IT companies, banks, or online retailers—and send out emails with malicious attachments or links designed to steal personal data. These campaigns rely on sheer volume to land victims.

But it’s targeted phishing that poses the greatest threat to businesses. In these attacks, cybercriminals go after specific individuals—usually senior executives—with tailored schemes that require more time and resources. Though complex, these tactics are proving to be the most effective, often orchestrated by coordinated fraud groups.

The data tells a clear story: 84 percent of phishing attacks are delivered via email. Websites are used in 23 percent of cases, and just 4 percent are launched through social networks or messaging apps.

Hackers are especially interested in state institutions (15 percent of attacks), industrial enterprises (10 percent), and IT companies (9 percent).

And the stakes are high. In 63 percent of cases, the result is stolen confidential information. In 28 percent, the company’s operations are disrupted, sometimes halting entirely. Less frequent—but still serious—outcomes include national security risks (6 percent) and direct financial losses (5 percent).