12 Sep 2025

Did you know that in Q1 2025, the APWG recorded 1,003,924 phishing attacks, which is the highest figure reported since late 2023? As summer 2025 draws to a close, phishing continues to dominate the cyber threat landscape, but the numbers now reveal an even sharper rise in its impact.

In 2024, researchers observed an 84% increase in infostealers delivered via phishing emails each week compared to 2023. Early data from 2025 is more alarming still, showing a 180% jump in weekly phishing volumes versus 2023.

A report by a cybersecurity company adds another layer to this picture: there has been a 160% increase in compromised credentials so far in 2025 compared to last year. In late 2024, the company logged 14,000 cases in a single month where employee credentials were exposed in breaches despite meeting internal password policies.

The trend underscores that phishing is no longer just a nuisance; it’s a direct path to credential theft, account compromise, and large-scale business disruption. In this article, Atlaslive’s Information Security Lead, Maksym Shapoval, reviews the latest phishing attacks and explains how to protect your business from them.

The Rise of Phishing in 2025

Phishing has proven again to be the attacker’s favorite weapon. The method is simple yet devastating: criminals impersonate a trusted sender and trick victims into handing over sensitive information such as passwords, credit card details, or other personal data.

What makes phishing so persistent is its versatility. It comes not only through email but also via SMS (“smishing”) or even voice calls (“vishing”), giving attackers multiple paths to their targets. Campaigns are often designed to look identical to real corporate messages, making it difficult even for trained staff to recognize them.

This summer showed how effective these tactics remain. From technology giants to government institutions, phishing was the first step in incidents that led to compromised data, financial losses, and reputational damage. The attacks are increasingly targeted, well-prepared, and often just the beginning of longer compromise chains that reach deep into company systems.

In 2025, phishing isn’t background noise; it’s the launchpad for many of the most serious breaches worldwide.

Major Phishing Incidents This Summer

The summer of 2025 brought a string of high-profile phishing incidents, showing how versatile and damaging these attacks can be.

  • Google. The giant became a victim through a compromise chain involving Salesforce’s CRM system, which started with phishing and eventually exposed sensitive data.
  • Cisco. The company was targeted with vishing (voice phishing). Attackers tricked employees over the phone, gained access to CRM systems, and exfiltrated client information.
  • Booking. The company has faced ongoing phishing campaigns that have been active since late 2024 and remain a persistent risk today.
  • UK Tax Authority. About £47 million was lost as 100,000 individuals were affected by a large-scale phishing scheme aimed at stealing personal and financial data.
  • Milford Entities, a luxury U.S. real estate developer, suffered losses of almost $19 million after falling victim to a phishing attack.

These cases underline how phishing serves as the common starting point, regardless of sector or size. Whether it’s multinational tech firms, public institutions, or private enterprises, attackers continue to use social engineering as the doorway to deeper compromises.

iGaming in the Spotlight

The iGaming sector, already under constant regulatory scrutiny, found itself directly targeted this summer. In July 2025, one of the world’s largest betting groups confirmed a significant data breach following a targeted cyberattack.

Roughly 800,000 user records were exposed, including IP addresses, email addresses, and detailed activity logs. While financial data and passwords were reportedly unaffected, cybersecurity specialists quickly noted that this type of information can still fuel highly targeted phishing campaigns.

Attackers can leverage user activity and contact data to craft convincing, personalized lures, often far more dangerous than generic phishing attempts.

“The incident underscores why iGaming platforms are such attractive targets. They operate fully online, process constant financial transactions, and hold vast volumes of personal information—making them prime candidates for social engineering attacks. For an industry that depends on trust and seamless digital experiences, the reputational and compliance risks of such breaches are substantial.”
— Maksym Shapoval, Information Security Lead at Atlaslive

For iGaming operators, phishing defense can’t be treated as optional. It must be embedded into platform security, staff training, and incident response strategies. This case is a reminder that even without financial data exposure, compromised personal information alone can trigger damaging secondary attacks.

How Companies Can Protect Themselves

Phishing is effective because it exploits people, not just technology. To reduce exposure and limit the damage when attacks occur, companies need a multi-layered defense strategy that combines authentication, technical safeguards, and organizational readiness.

Authentication and Access Control

  • Enforce two-factor authentication (2FA) across all online systems for both employees and customers.
  • Apply the least privilege rule: staff, devices, and laptops should only have the access strictly required for their roles.
  • Implement network segmentation and need-to-know access to minimize lateral movement if an account is compromised.
  • Introduce a four-eye approval policy for all critical changes and sensitive operations, especially financial transactions.
  • Perform regular audits of access rights and comprehensive security audits to validate controls.

Email and Domain Security

  • Configure DMARC, DKIM, and SPF to verify sending domains and block spoofed emails.
  • Maintain a list of lookalike (“a-like”) domains and proactively block them.
  • Clearly mark all emails coming from outside the organization to reduce the risk of employee error.
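
Publishing SPF and DMARC records does not by itself block spoofed mail; the policy values decide that. The following is an added example, not Atlaslive's code, that audits SPF and DMARC TXT records for non-enforcing settings. The domains, records and function names are constructed for illustration, and DKIM is not covered.

```python
# Added example: constructed sample domains/records (not real DNS data), audited for non-enforcing SPF/DMARC.
SAMPLES = {
    "strict.example": ("v=spf1 ip4:192.0.2.10 -all",
                       "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@strict.example"),
    "weak.example": ("v=spf1 include:_spf.mailer.example ~all",
                     "v=DMARC1; p=none; rua=mailto:dmarc@weak.example"),
    "partial.example": ("v=spf1 mx +all", "v=DMARC1; p=quarantine; sp=none; pct=25"),
    "bare.example": (None, None),  # nothing published at all
}

def audit_spf(record):
    """Return findings for an SPF TXT record (None = nothing published)."""
    if not record or not record.lower().startswith("v=spf1"):
        return ["spf: no record, receivers cannot check the sending host"]
    terms = record.lower().split()[1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:  # redirect= modifiers are not followed in this sketch
        return ["spf: no 'all' term, unlisted hosts get a neutral result"]
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # bare 'all' means '+all'
    return {
        "+": ["spf: +all authorises every host on the internet"],
        "?": ["spf: ?all is neutral, unlisted hosts are not failed"],
        "~": ["spf: ~all is softfail, rejection is left to DMARC"],
        "-": [],
    }[qualifier]

def audit_dmarc(record):
    """Return findings for the TXT record published at _dmarc.<domain>."""
    if not record or not record.lower().startswith("v=dmarc1"):
        return ["dmarc: no record, spoofed mail gets no policy applied"]
    tags = {k.strip(): v.strip() for k, v in (p.split("=", 1) for p in record.lower().split(";") if "=" in p)}
    policy = tags.get("p", "none")
    findings = []
    if policy not in ("quarantine", "reject"):
        findings.append(f"dmarc: p={policy} only monitors, failing mail is still delivered")
    if policy != "none" and tags.get("sp", policy) == "none":
        findings.append("dmarc: sp=none leaves subdomains unprotected")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"dmarc: pct={pct}, policy covers only part of failing mail")
    return findings

def audit_domain(name):
    spf, dmarc = SAMPLES[name]
    return audit_spf(spf) + audit_dmarc(dmarc)

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, audit_domain(name) or "ok")
```

In practice the records would come from a DNS TXT lookup of the domain and of `_dmarc.<domain>` rather than from an inline table.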

Endpoint and Browsing Protection

  • Secure corporate devices with Mobile Device Management (MDM), Endpoint Detection and Response (EDR), or enterprise browsers with safe browsing features.
  • Continuously monitor endpoint health and browsing activity for signs of phishing payloads.

Incident Preparedness

  • Establish a single reporting channel for suspected phishing attempts and incidents.
  • Create clear runbooks that detail how to respond to phishing incidents, including notifying all employees, blocking the malicious sender organization-wide, reviewing recipient lists, and contacting affected users directly.

Employee Awareness and Training

In 2023, research showed that 10.4% of employees worldwide clicked on malicious links, and more than 60% of them went on to enter their passwords on fraudulent websites. So, staff training is always a good idea. Here’s what you can do:

  • Conduct regular phishing awareness training for staff.
  • Run periodic phishing simulations so employees learn to recognize and react to real threats.
  • Promote a culture where reporting suspicious messages is encouraged and supported.

Governance and Ongoing Review

  • Ensure continuous audits of both security posture and access rights.
  • Build resilience by embedding phishing defense into company policy, not as an option but as a required layer of operational security.

Effective protection against phishing is built from many small, consistent safeguards working together. When authentication, email defenses, access controls, staff training, and incident readiness are aligned, companies dramatically reduce both the likelihood of successful phishing attacks and the damage they can cause.

Conclusion

The summer of 2025 made one fact clear: phishing is still the entry point for most major cyber incidents, from tech giants to government agencies and even the iGaming industry. These attacks aren’t going away—they’re evolving, becoming more targeted, and often serving as the first step in larger compromise chains.

For companies, especially those handling sensitive data and financial transactions, security can no longer be treated as optional. Building resilience against phishing means layering authentication, email defenses, endpoint protection, staff training, and clear response procedures into everyday operations. The organizations that take phishing seriously today are the ones best prepared to protect their customers, their reputation, and their future tomorrow.

—————

This document is provided to you for your information and discussion only. This document was based on public sources of information and was created by the Atlaslive team for marketing usage. It is not a solicitation or an offer to buy or sell any gambling-related product. Nothing in this document constitutes legal or business development advice. This document has been prepared from sources Atlaslive believes to be reliable but we do not guarantee its accuracy or completeness and do not accept liability for any loss arising from its use. Atlaslive reserves the right to remedy any errors that may be present in this document.
