"Netskope Report: Phishing Still Alluring Bait"
Phishing is still a popular method for obtaining usernames, passwords, multifactor authentication (MFA) codes, and other sensitive information. Although users are becoming more adept at detecting phishing attempts in email and text messages, they are much more susceptible to being tricked by phishing links in unexpected places such as websites, blogs, and third-party cloud apps, according to Ray Canzanese, threat research director at Netskope Threat Labs. According to the quarterly Netskope Cloud and Threat Report, threat actors are adjusting their methods, and phishing is increasingly coming from all directions. Netskope Threat Labs publishes a report on a specific topic every quarter, based on anonymized data collected from the Netskope Security Cloud from across millions of users. The report for this quarter focused on phishing attacks between July 1 and September 30, 2022. The report reveals that many users continue to fall for phishing scams despite widespread controls and training. According to Canzanese, technology and training are still insufficient to combat the growing volume and sophistication of phishing attacks. Based on the survey results, an average of 8 out of every 1,000 enterprise users clicked on a phishing link or attempted to access phishing content in some way. Canzanese pointed out that the initial reaction is that it is not a large number. The general assumption would be that 8 out of 100 would have been much more concerning, but in a large company with 100,000 users, that translates to about 800 employees falling victim to phishing every quarter, he said. It only takes one person to enter their credentials and end up with a Business Email Compromise (BEC) situation. The use of malicious links via spam on legitimate websites and blogs, and the use of websites and blogs created specifically to promote phishing content are the two primary phishing referral methods. These were responsible for the greatest number of successful phishing attempts (26 percent). This article continues to discuss key findings and points shared in the quarterly Netskope Cloud and Threat Report.