# Phishing click rates tripled in 2024 despite user training

Published 2025-01-13 on cybersecurityinfocus.com (category: education)

For years organizations have invested in [security awareness training](https://www.csoonline.com/article/3604803/security-awareness-training-topics-best-practices-costs-free-options.html) programs to teach employees how to spot and report phishing attempts. Despite those efforts, enterprise users were three times as likely in 2024 to land on phishing pages as in the previous year, according to a report from security vendor Netskope.

Based on telemetry collected from its secure web gateway and cloud-based SASE platform, Netskope found that 8.4 out of every 1,000 users clicked on a phishing link every month during the past year, compared to 2.9 in 2023.

"The main factors leading to this increase are cognitive fatigue (with users constantly being bombarded with phishing attempts) and the creativity and adaptability of the attackers in delivering harder-to-detect baits," the company said in its annual [Cloud and Threat report](https://www.netskope.com/netskope-threat-labs/cloud-threat-report/cloud-and-threat-report-january-2025#pillar_content_4).

The rise of large language models (LLMs) almost certainly [played a role](https://www.csoonline.com/article/3499156/llms-fueling-a-genai-criminal-revolution-according-to-netcraft-report.html) in this surge as well, as attackers can now easily automate the creation of phishing lures that are more diverse, grammatically correct, and targeted for every organization.

## Phishing via search engine results

A big part of phishing detection training inside organizations focuses on spotting phishing emails, but this is [far from the only way](https://www.csoonline.com/article/563353/8-types-of-phishing-attacks-and-how-to-identify-them.html) attackers entice users to click on links that lead to fake websites trying to steal their credentials.

Based on Netskope's data, the majority of phishing clicks came from various locations on the web, with search engines being a top referrer. Attackers have been highly successful in running malicious ads or using so-called [SEO poisoning techniques](https://www.csoonline.com/article/651125/emerging-cyber-threats-in-2023-from-ai-to-quantum-to-data-poisoning.html) to inject malicious links into the top search engine results for specific terms.

Other big referrers for phishing pages were shopping, technology, business, and entertainment websites. Attackers get malicious links onto such sites by spamming comment sections, by buying malicious ads that are then displayed on those sites through ad networks (a technique known as [malvertising](https://www.csoonline.com/article/567045/what-is-malvertising-and-how-you-can-protect-against-it.html)), or by compromising the sites themselves and directly injecting phishing pop-ups into pages.

"The variety of phishing sources illustrates some creative social engineering by attackers," the Netskope researchers wrote. "They know their victims may be wary of inbound emails (where they are repeatedly taught not to click on links) but will much more freely click on links in search engine results."

The top targets for phishing attacks have been credentials to cloud apps, with Microsoft 365 being the most targeted at 42%, followed by Adobe Document Cloud (18%) and DocuSign (15%). Many phishing sites pose as login pages for these services but also offer login options with other identity providers, including Office 365, Outlook, Aol, or Yahoo.

"There is no doubt that LLMs have played a role in attackers crafting more convincing phishing lures," Ray Canzanese, director of Netskope Threat Labs, told CSO. "LLMs can provide better localization and more variety to try to evade spam filters and increase the probability of fooling the victim."

Cybercriminals have even created [specialized LLM-assisted chatbots](https://www.csoonline.com/article/564321/6-ways-hackers-will-use-machine-learning-to-launch-attacks.html) such as [WormGPT](https://www.csoonline.com/article/646441/wormgpt-a-generative-ai-tool-to-compromise-business-emails.html) or FraudGPT that are being advertised and sold on underground forums, claiming to be capable of writing better phishing lures, among other features.

"More broadly, Netskope is seeing gen AI tools being used in targeted phishing campaigns, usually by mimicking a high-profile individual in the targeted organization," Canzanese said. "The attacker sends messages generated using an LLM, or even uses deepfake audio and video."

[Deepfakes have been on the rise](https://www.csoonline.com/article/3529639/deepfakes-break-through-as-business-threat.html) in enterprises, with 15% of executives recently reporting that their companies' financial data has been targeted by cybercriminals via deepfake scams, according to a survey from Deloitte.