"Phishing Click Rates Triple in 2024"
Share
According to security researchers at Netskope, the rate at which enterprise users clicked on phishing lures nearly tripled in 2024. More than eight out of every 1000 users clicked on a phishing link each month in 2024, up by 190% compared to 2023. The researchers attributed the rise to a combination of cognitive fatigue, with users being bombarded with increased phishing attempts and attackers becoming more creative in delivering harder-to-detect phishing lures. The top target for phishing campaigns by number of user clicks last year were cloud applications (27%). The researchers noted that the purpose of targeting these applications is normally to compromise accounts and then sell the access on illicit marketplaces, where the buyer will use it for business email compromise, to steal data, or to pivot to other more high-value victims. Microsoft was the most targeted cloud app brand, making up 42% of phishing link clicks in this category. The next highest targets for phishing campaigns were banking (17%) and telco (13%) providers. During the study, the researchers also found a shift in the locations where users clicked on malicious phishing links. Instead of malicious links being clicked primarily in emails, a majority came from various locations across the web. This includes search engines (19% of clicks), where attackers run malicious ads or use SEO poisoning techniques to get the phishing pages listed at the top of the search engine results for specific terms. Other top sources for phishing links online include shopping (10%), technology (8.8%), business (7.4%) and entertainment (5.7%) sites. The researchers noted that the variety of phishing sources illustrates some creative social engineering by attackers. The threat actors know their victims may be wary of inbound emails (where they are repeatedly taught not to click on links) but will much more freely click on links in search engine results.
Infosecurity Magazine reports: "Phishing Click Rates Triple in 2024"