https://wccftech.com/google-none-85000-employee-phished/

None of Google’s 85,000+ employees have been phished since Google started requiring everyone to use a physical security key to protect their work accounts. Phishing remains one of the most common ways for attackers to trick people – yes, even the tech-savvy ones – into giving up their credentials or installing a malicious file on their computers.

By designing carefully crafted websites or emails, legit-looking fraudulent content is used to make people click on phishing links or give up their passwords. This is how the attack on the DNC ahead of 2016 presidential election was carried out.