Emails are out: phishing increasingly via search engines

Despite training, more employees are clicking on phishing links. They are aware of attacks in emails, but are less careful when searching the web.


In companies, employees clicked on phishing links almost three times as often last year as in 2023, according to figures from security company Netskope. Over 0.8 percent of employees followed such a link, compared to less than 0.3 percent in the previous year. Cloud storage in particular was targeted by attackers.

The majority of companies train their employees in dealing with phishing. The researchers attribute the fact that employees still click on fake links to cognitive fatigue caused by the high number of phishing attempts, and to the creativity of the attackers. Fake websites are now more difficult to recognize than before. As awareness of phishing in emails is now high, most clicks on links come from other sources.

Almost one in five clicks on a phishing link came from a search engine. Cyber criminals placed advertisements there or exploited search engine optimization to ensure that the fake websites appeared as high up as possible in the search results. Shopping websites accounted for ten percent of clicks. Other sources of phishing links were technology, business and entertainment websites. Here, attackers hid their links in advertisements and comments. Browser providers try to protect against phishing sites with AI.

More than a quarter of the phishing links clicked on led to fake login pages for cloud services. Such account access is valuable to attackers because it opens up internal company data and can be used to reach further victims. The most frequent target among the cloud applications was Microsoft, with over 42 percent of phishing clicks. It was followed by Adobe Cloud with a share of 18 percent and DocuSign with 15 percent.

Another risk to company data is the use of personal cloud applications by employees. 88 percent of them use cloud apps at least once a month and more than a quarter upload data to them. Company content also ends up in personal cloud accounts without employees realizing it, for example in automatic smartphone backups. Business messages in private email accounts and appointments in private calendars are also problematic, as they often contain links to video conferences or meeting notes. Google Calendar was recently affected by a phishing attack.

In 94 percent of companies, employees used generative AI applications. To prevent internal data from reaching the AI providers, almost three quarters of them block at least one app. Quillbot, Beautiful.ai and AiChatting were blocked most frequently. 45 percent rely on data loss prevention (DLP) to control the flow of data. Around a third rely on coaching tools that, for example, notify users if an AI tool in the company is not authorized for sensitive data.

For the study, Netskope analyzed threats detected by its customers between November 2023 and 2024. The researchers used anonymized usage data from their products and did not take the effects of the threats into account.

(sfe)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.