Netskope report: Phishing still alluring bait

Nov 2, 2022 | Technology

Phishing at this point seems an age-old concept: The term can be linked as far back as the 1990s [ed. note: Reminder to fellow Gen Xers — 90s were 30 years ago, not 10]. 

Yet, remarkably, phishing remains a tried-and-true top source for capturing usernames, passwords, multifactor authentication (MFA) codes and other sensitive information.

While users today are indeed savvier in spotting phishing attempts in email and text messages, they are much easier to lure via phishing links in less-expected places such as websites, blogs and third-party cloud apps, said Ray Canzanese, threat research director at Netskope Threat Labs.

Call it the next generation of phishing attacks: Threat actors are adjusting their methods and phishing is increasingly coming from all directions, according to the quarterly Netskope Cloud and Threat Report. 

“Phishing isn’t just scary emails,” he said. “Phishing is an attempt by somebody to get access to your accounts, and they’re doing it by any means necessary.”

More clever phishing

Every quarter, Netskope Threat Labs focuses a report on a specific topic, using anonymized data collected from the Netskope Security Cloud across millions of users worldwide. This quarter’s report, released today, focused on phishing between July 1 and September 30, 2022. 

And the report reveals that, despite widespread controls and training, many users are still taking the phishing bait. Technology and training are “still not enough to stem the tide and volume of phishing that we’re seeing,” said Canzanese. “It seems to always continue to go up in volume.”

Per the survey, an average of 8 out of every 1,000 enterprise users clicked on a phishing link or otherwise attempted to access phishing content. (Except in financial services, where 5 out of 1,000 users accessed phishing content.)

The initial reaction to this is that it’s not that big of a number, said Canzanese. The general thinking would be, for instance, that “8 out of 100 would have been much scarier.” 

But put in context, in a large company with 100,000 users, that translates to about 800 employees every quarter falling prey to phishing, he said.

“All it takes is one person to go in there, enter their credentials and end up in a business email compromise sit …
