Phishing Clicks: Spotting scams before they hit you

20.02.2025

Despite more frequent training, employees in 2024 clicked on links in phishing emails approximately three times as often as the previous year, according to a study. Cybercriminals are primarily targeting cloud storage with these attacks.

Phishing, the practice of setting bait to “fish” for passwords and other secrets, remains one of the most significant threats in the cyber realm. Such emails typically appear innocuous. Opening them is not the issue. The real danger lies in enticing email attachments or links. Increasingly, links from other sources like websites pose a threat as well.

The proportion of employees in companies who followed such a link rose to 0.8 percent in 2024, nearly tripling from 0.3 percent in 2023, according to findings by the Californian cybersecurity provider Netskope. One of the primary targets of these attacks is cloud storage, as reported by heise online.

Bildmotiv zu Trotz regelmäßiger Schulungen bleibt die Gefahr groß: Während viele E-Mail-Phishing erkennen, werden — Trotz regelmäßiger Schulungen bleibt die Gefahr groß: Während viele E-Mail-Phishing erkennen, werden betrügerische Links auf Webseiten oft übersehen – mit teils gravierenden Folgen. Bildquelle: Adobe Stock/ OpticalDesign

Email Phishing Just the Tip of the Iceberg

Many companies now conduct regular training sessions, teaching employees, for example, to scrutinize the domain of an email address behind the @ symbol when in doubt. As a result, the tactic of email phishing has become widely known. However, when it comes to enticing links on websites, awareness often seems to fade, posing significantly greater risks today.

Despite the training and security drills, many employees still click on such links. Researchers attribute this to fatigue from the increasing number of phishing emails and traps on the internet. The reward principle and the often AI-driven growing creativity of cybercriminals exacerbate the problem.

Search Engine Scams on the Rise

Search engine phishing is on the rise, with cybercriminals placing ads or exploiting search engine optimization (SEO) to ensure their websites appear at the top of search results, giving them an air of legitimacy.

Ten percent of the clicks on malicious links tracked by Netskope occur in online shops, with other sources including technology, entertainment, and B2B websites. More than a quarter of the phishing links clicked in 2024 led to deceptive login pages for cloud services, making it easy for attackers to gain access to sensitive corporate data and identify further targets. The primary targets last year were Microsoft’s cloud applications, which accounted for 42 percent of attacks, followed by the Adobe Cloud and DocuSign, with 18 and 15 percent respectively.

Source header image: Adobe Stock / suldev