Rising Phishing Threats in Companies and Cloud Services

In companies, employees clicked on phishing links almost three times more often last year compared to 2023, according to data from the security company Netskope. Over 0.8% of employees clicked on such links, whereas the previous year the percentage was below 0.3%. Cloud storage was a primary target for attackers.

Many companies train their employees to handle phishing attempts. However, employees still click on fake links due to cognitive fatigue from the high number of phishing attempts and the creativity of attackers. Imitated websites are now harder to spot than before. Awareness of phishing in emails is high, so most link clicks come from other sources.

Phishing through search engines is on the rise. Almost one in five clicks on a phishing link came from a search engine. Cybercriminals placed ads or used search engine optimization to make fake websites appear high in search results. Shopping websites accounted for ten percent of the clicks. Other sources of phishing links were technology, business, and entertainment websites. Here, attackers hid their links in ads and comments. Browser providers use AI to try to protect against phishing sites.

More than a quarter of clicked phishing links led to fake login pages of cloud services. For attackers, this access is valuable because it opens up company data and can potentially be used to reach other victims. Microsoft was the most targeted cloud application with over 42% of phishing clicks, followed by Adobe Cloud with 18% and DocuSign with 15%.

Another risk for company data is the use of personal cloud applications by employees. 88% of employees use cloud apps at least once a month, and more than a quarter upload data there. Company content can also end up in personal cloud accounts unintentionally, such as through automatic smartphone backups. Business messages in private email accounts and appointments in private calendars are also a risk, because they often contain links to video conferences or meeting notes. Recently, Google Calendar was affected by a phishing attack.

In 94% of companies, employees used generative AI applications. To prevent internal data from reaching AI providers, almost three-quarters of companies block at least one app. The most frequently blocked were Quillbot, Beautiful.ai, and AiChatting. Forty-five percent use Data Loss Protection to control data flow. About a third use coaching tools that notify users if an AI tool is not approved for sensitive data within the company.

Netskope analyzed identified threats to its customers between November 2023 and 2024 for the study. Researchers used anonymized usage data from their products, without considering the impacts of the threats.