Phishing attacks are a cybercriminals most effective way to gain access to devices and accounts.
They can be simple or complex.
Any platform can be used in phishing scams.
Email, texting, Facebook, Linked-In, phone call, website, you name it and there is a way to use it in a phishing scam.
Cybercriminals use human nature to trick their target.
Many cybercriminals "do their homework" before they start their attack.
This "homework" often involves researching the company and employees in the company.
They use the information found to impersonate key people in the company or create a scenario where they seem like a legitimate person/company to continue interacting with.
Sometimes cybercriminals compromise an external account and use it to gain trust or access with their target.