The number of workers clicking on phishing links saw a major increase in 2024, putting businesses of all sizes at risk of compromise, new research has claimed. A report from Netskope based on anonymized usage data collected by its Netskope One platform found that during the year, for every 1,000 workers, there were 8.4 who clicked on a link in a phishing email. This represents a threefold increase from the year before, when just 2.9 people did the same.
Microsoft a popular target
Netskope’s report indicates that the significant increase in successful phishing attempts can be attributed to two primary factors: people suffering from cognitive fatigue due to the overwhelming number of phishing attacks and the adaptability of threat actors who engage in increasingly creative tactics. This has led to campaigns that are harder for individuals to detect.
The findings reveal that threat actors have developed a keen interest in gaining access to cloud applications, which accounted for over a quarter of all clicks. Notably, Microsoft’s Live and 365 credentials emerged as particularly valuable targets. Other widely targeted platforms included:
- Yahoo and AOL: These services also attracted significant phishing attempts.
- Adobe and DocuSign: Pages impersonating these brands were used as gateways to obtain more sensitive credentials.
“Microsoft’s popularity as a phishing target is unsurprising because Microsoft 365 is the most popular productivity suite by a large margin,” the report stated. To combat this rising threat, Netskope suggests that businesses revamp their phishing awareness training. Current programs often focus too heavily on email, neglecting other potential attack vectors.
Changing Tactics of Threat Actors
Interestingly, email is no longer the predominant medium for distributing phishing links. Netskope asserts that this shift largely stems from heightened awareness among users regarding suspicious emails. As a result, threat actors have pivoted to alternative methods of deception. According to the report:
- Search Engine Optimization (SEO) Poisoning: Users have been tricked into clicking malicious links that appear in search engine results.
- Malicious Ads: Shopping, technology, and entertainment sites have been utilized to distribute phishing links through infected ads and deceptive comment sections.
This shift in tactics underscores the need for a broader approach to educate employees about the myriad ways they can be targeted by phishing schemes.
The Evolving Nature of Phishing Attacks
As phishing attacks become more sophisticated, organizations are forced to adapt their defenses. The Netskope report emphasizes the urgency for businesses to reassess their cybersecurity strategies in light of these developments. Key considerations include:
- Multi-Factor Authentication (MFA): Implementing MFA can help reduce the likelihood of unauthorized access even if credentials are compromised.
- Continuous Security Training: Regularly updating training sessions to address new phishing trends will enhance employees’ ability to recognize threats.
- Investment in Security Tools: Utilizing advanced security technologies and endpoint protection tools can provide additional layers of defense against phishing attempts.
With the digital landscape constantly evolving, organization leaders must remain vigilant and stay updated on emerging threats. The ability to adapt quickly to the changing nature of phishing campaigns will determine the resilience of businesses in safeguarding sensitive information.
Implementing a robust cybersecurity strategy can significantly mitigate risks associated with phishing. As the tactics of threat actors continue to evolve, organizations that prioritize continuous education and technological investments will be better positioned to protect their employees and assets.