Last year, phishing attacks emerged as one of the main threats targeting Internet users. Simple and effective, phishing attacks have multiplied worldwide. As a reminder, this type of cyberattack aims to obtain personal data on users, including banking details.
A record year for phishing
According to Netskope researchers, the past year was a record year for phishing operations. According to the experts, company employees "clicked on phishing lures nearly three times more often than in 2023". The study’s findings are based on data collected by Netskope from businesses around the world.
More than 8 out of 1,000 users clicked on fraudulent links each month in 2024, compared to just 2.9 the previous year. That’s an increase of nearly 200% year over year. The success rate for such scams is rising sharply. Once the target has clicked on the malicious link, the chances of obtaining their personal data are high.
Why phishing is more effective
To explain the increasing effectiveness of phishing attacks, Netskope researchers first highlight the ubiquity of personal cloud applications in the enterprise. Most employees use personal applications to process sensitive business data.
These practices increase the attack surfaces that allow hackers to achieve their ends. Netskope points to the transit of sensitive data to cloud applications, email, AI, social networks or calendars.
The report also highlights that Internet users are massively bombarded with phishing links from all directions. Assailed by email, on Facebook or in their Google searches, Internet users end up falling into the trap, victims of their cognitive fatigue. In short, users' mental capacities are exhausted and they can no longer remain vigilant.
In addition, cybercriminals are increasingly ingenious. Armed with tools boosted by generative artificial intelligence, they can create convincing phishing messages. It has become very difficult to spot all the attacks. Cybercriminals use AI, such as ChatGPT, to write flawless persuasive content, to come up with scams or to design a phishing website.
In these conditions, researchers believe that educating users to identify phishing is not enough. To protect against hackers, it is also necessary to make "investments in modern data protection". It is also necessary to significantly restrict access to personal tools for individuals in their professional environment, with a view to reducing the attack surface.
Source: Netskope
0 Comments