Other big referrers for phishing pages were shopping, technology, business, and entertainment websites. The ways in which attackers get malicious links onto such sites is through spamming comment sections, buying malicious ads that are then displayed on those site through ad networks — a technique known as malvertising — or by compromising the sites themselves and directly injecting phishing pop-ups into pages.
“The variety of phishing sources illustrates some creative social engineering by attackers,” the Netskope researchers wrote. “They know their victims may be wary of inbound emails (where they are repeatedly taught not to click on links) but will much more freely click on links in search engine results.”
The top targets for phishing attacks have been credentials to cloud apps, with Microsoft 365 being the most targeted with 42%, followed by Adobe Document Cloud (18%) and DocuSign (15%). Many phishing sites pose as login pages for these services but also offer login options with other identity providers. including Office 365, Outlook, Aol, or Yahoo.