Websites overtake webmail as top phishing vector

Eight out of every 1000 Australian employees accessed phishing sites or content in the third quarter, on par with the global average, according to new research from Netskope.

Threat research conducted by the company found that financial services employees are among the most cautious, with only five in 1000 globally falling for phishing content during the quarter.

While webmail services such as Gmail, Microsoft Live and Yahoo have traditionally been considered the top phishing source, these services only accounted for 11% of phishing alerts during the period, Netskope said.

Personal websites and blogs, particularly those hosted on free hosting services, were instead the most common referrers to phishing content, representing 28% of phishing content.

Search engine referrals to phishing pages have also become common vectors, with examples identified for the research including content on how to use specific features in popular software, quiz answers for online courses, as well as user manuals for both business and personal products.

Netskope Threat Research Director Ray Canzanese said the findings demonstrate that attackers are diversifying their approaches.

“Business employees have been trained to spot phishing messages in email and text messages, so threat actors have adjusted their methods and are luring users into clicking on phishing links in other, less expected places,” he said.

“While we might not be thinking about the possibility of a phishing attack while surfing the internet or favourite search engine, we all must use the same level of vigilance and scepticism as we do with inbound email, and never enter credentials or sensitive information into any page after clicking a link. Always browse directly to login pages.”

Image credit: iStock.com/Just_Super