We regularly see cases of successful phishing attacks. Most of them involve people being conned into sharing valuable personal information with unauthorized parties. This is usually done over email but sometimes involves a phone call.
A frequent scam goes like this. You receive an email from someone claiming to work at an organization you trust or regularly interact with such as your bank or a retailer you often shop with. They seem legitimate because they have likely gathered some accurate information about you from social media, your company website, press releases, or other public means. Since they get a few details right, you may be inclined to believe them. But you must dig deeper to determine if the request is legitimate.
You may be asked for personal information that could be used to access funds — credit card numbers, bank account information, passwords, etc. — or even asked to wire money. All this is done, of course, under false pretenses. And it could cost your business a heap of money and hassle.