Other major targets of phishing pages were shopping, technology, business, and entertainment websites. The ways in which attackers obtain malicious links from such sites are by spamming comment sections, buying malicious ads that are then displayed on that site through ad networks – a process known as phishing – or by compromising the sites themselves and directly injecting phishing pop-ups. on the pages.
“Various sources of phishing are indicative of social engineering invented by attackers,” Netskope researchers wrote. “They know that their victims may be wary of incoming emails (where they are repeatedly taught not to click on links) but will freely click on links in search engine results.”
The top target of phishing attacks has been data cloud applications, with Microsoft 365 being the most targeted at 42%, followed by Adobe Document Cloud (18%) and DocuSign (15%). Many phishing sites serve as login pages for these services but also offer options to log in with other identity providers. including Office 365, Outlook, Aol, or Yahoo.
Source link