According to a recent report from security firm Netskope, employee clicks on phishing websites almost tripled last year compared to 2023. Cloud storage sites were commonly targeted, at more than 0.8%. of employees clicking on these links, a notable increase from less than 0.3 percent in 2023 the previous year. The dangerous links are often encountered through search engines and employees continue to click on phishing links even after being trained. They are often less vigilant when searching the Internet, but more aware of email attacks..
Employees of several companies receive phishing awareness training. Researchers hypothesize that cognitive fatigue due to the high number of phishing attempts and the creativity of attackers could be the reason why people continue to click on fraudulent sites. Distinguishing fake websites has become more difficult. Researchers believe that most link clicks come from other sources because awareness of email phishing is now well recognized.
Search engine phishing is on the rise. Nearly 20% of clicks on phishing links came from search engines. To ensure that fraudulent websites appear high in search results, cybercriminals have placed advertisements on them or changed search engine optimization. Ten percent of those clicks were to commercial websites. Phishing URLs have also been discovered hidden in advertisements and comments on technology, business and entertainment websites. AI is used by browser manufacturers to protect against phishing websites.
More than 25% of clicks on phishing links led users to fake login pages for cloud services, making them a prime target for attackers looking to gain access to confidential company information and possibly more victims. With over 42% of phishing clicks, Microsoft was the most targeted cloud application. Adobe Cloud comes in second with 18% and DocuSign third with 15%.
Shadow IT Danger: Employee use of personal cloud applications puts company data at even greater risk. More than 25% of workers submit data to these apps and 88% of workers use them at least once a month. Sometimes, due to automatic smartphone backups, professional content unintentionally ends up in personal cloud accounts. Because they frequently contain links to video chats or meeting notes, work messages sent from private email addresses and personal calendar appointments are also dangerous. Recently, a phishing scam targeted Google Calendar.
Employees have used generative AI applications in 94% of companies. Nearly 75% of companies restrict at least one of these applications to prevent data from leaking to AI providers. The apps QuillBot, Beautiful.ai, and AiChatting were blocked most often. To control data flows, 45% of companies use data loss prevention techniques. About a third use coaching tools to alert users when an AI tool within the organization is inappropriate for sensitive data.
Using anonymized usage data for its products, Netskope examined the risks observed among its customers between November 2023 and 2024 for the study; however, the analysis did not take into consideration the impact of these attacks.
Lead the fight against cyber threats with Code Labs Academy’s Cybersecurity Bootcamp.