According to a new study by Netskope.
The company’s threat research found that financial services employees are among the most cautious, with just five out of 1,000 globally falling for phishing content during the quarter.
While webmail services such as Gmail, Microsoft Live and Yahoo have always been considered the top source of phishing, these services only accounted for 11% of phishing alerts during the period, Netskope said.
Rather, personal websites and blogs, especially those hosted on free hosting services, were the most common referrers to phishing content, accounting for 28% of phishing content.
Search engine referrals to phishing pages have also become common vectors, with the examples identified in search results including content on how to use specific features in popular software, quiz answers for online courses, and user manuals for professional and personal products.
Netskope Threat Research director Ray Canzanese said the results demonstrate attackers are diversifying their approaches.
“Corporate employees have been trained to detect phishing messages in emails and text messages, so threat actors have adjusted their methods and tricked users into clicking on phishing links in other less expected places,” he said.
“While we may not think about the possibility of a phishing attack while surfing the internet or our favorite search engine, we all need to exercise the same level of vigilance and skepticism as we do with incoming emails, and never enter credentials or sensitive information into any page after clicking a link. Always go directly to login pages.”