Netskope threat research identifies next gen phishing tactics

SANTA CLARA, Calif. – Netskope, the SASE computer security platform provider has released their new threat research which reveals the top sources of phishing attacks and cloud vulnerabilities.

Threats this go around are led by fake login page referrals, fake third-party cloud apps and more as detailed in the Netskope Cloud and Threat Report: Phishing. These threats mimic legitimate apps in order gain access to unsuspecting users’ information.

“Although email is still a primary mechanism for delivering phishing links to fake login pages to capture usernames, passwords, MFA codes and more, the report reveals that users are more frequently clicking phishing links arriving through other channels, including personal websites and blogs, social media, and search engine results,” Netskope wrote. “The report also details the rise in fake third-party cloud apps designed to trick users into authorizing access to their cloud data and resources.”

Email has been the traditional delivery method for phishing attempts however Netskope’s report notes that webmail made up 11% of attempts recorded as opposed to personal sites and blogs which were responsible for 26% of referrals to phishing content. That’s extrapolated from roughly 8 out of every 1000 enterprise users who clicked on phishing links or accessed phishing content during Q3 2022.

Search engines have also seen a rise of referrals to phishing pages due to attackers creating pages based on uncommon or obscure search terms, which sees them becoming the top link for search results. “Business employees have been trained to spot phishing messages in email and text messages, so threat actors have adjusted their methods and are luring users into clicking on phishing links in other, less expected places,” said Ray Canzanese, Threat Research Director, Netskope Threat Labs. “While we might not be thinking about the possibility of a phishing attack while surfing the internet or favorite search engine, we all must use the same level of vigilance and skepticism as we do with inbound email, and never enter credentials or sensitive information into any page after clicking a link. Always browse directly to login pages.”