The two major forms of phishing is that of emails and fake websites.
These days they send it via text messages. Some hoodlums who work with communication companies and have access to lots of phone numbers send bulk SMS containing phishing links to subscribers most times they send attachments through the text from an unknown sender for you to to download. They target mostly the elderly ones who have very low security experience and of course who should have lots of money from possible retirement benefits. Same reason I remind my parents every time that they should never click any links nor even download any files they don't know from their SMS apps or emails.
Exactly, phishing attack is no limited to emails, scammers have become more advanced in their mode of operation. They can get their victim from so many ways including sending a big offer through text message in mobile phones with their phishing link attached. We should be vigilant and always obey the rule of not clicking anything that we are nor sure of the source and destination.
That could fall on the definition of social engineering attack, that's why it's very important for any crypto related employee right now to really protect their identity online as they will be the target now. There is also the offer of big money from the cyber criminals as well, offering employees to give them access. And so that is the point of failure right now, even if this employee signs a NDA to let's say a exchange, sooner or later they might be tempted if the offer is too good to be refuse.
Or if the employee didn't know that they have been targeted, they can easily fall for this trick and once the criminals got access, then we know that the possibility of them hacking millions of dollars. So if someone here is a employee, you really needed to be vigilant in your social media accounts.