Phishing attacks on Australian workers growing more successful

Netskope

By Dylan Bushell-Embling
Thursday, 28 August, 2025

Netskope Threat Labs’ latest threat report for Australia has found that the rate of Australian workers clicking on phishing links has grown by 140% since the last report was published in 2024.

The report found that an average of 1.2% of Australian workers clicked on a phishing link each month in the last 12 months. Nearly one in five clicks were driven by phishing messages impersonating Microsoft or Google with the goal of stealing workers’ corporate credentials and accessing company systems and sensitive data.

Google has meanwhile become the most impersonated brand in cloud phishing schemes, accounting for 75% of observed campaigns, while Microsoft appeared in 25% of phishing attempts. But gaming platforms accounted for the majority (52%) of observed phishing campaigns, compared to 19% for cloud platforms and 4.8% for government services.

Another trend captured in the report involves the increased risks associated with corporate usage of generative AI tools. The research found that 87% of Australian organisations have employees using GenAI applications on at least a monthly basis, with ChatGPT (73%), Google Gemini (52%), and Microsoft Copilot (44%) remaining the most popular applications. But ChatGPT usage declined between May and June for the first time since launch in 2022.

The prevalence of AI in the workplace is creating risks associated with employees often unintentionally leaking sensitive data in prompts or documents sent to GenAI apps, Netskope said. The most commonly exposed data include intellectual property (42%), source code (31%) and regulated data (20%). Risks are compounded by 55% of local workers using personal GenAI accounts for work purposes.

To help manage these risks, Australian organisations are taking actions including blocking certain GenAI apps based on security, privacy or compliance concerns. The most blocked apps in Australia include DeepSeek (with access restricted by 69% of organisations), Reverso Translation (34%) and Stable Diffusion (32%).

In line with trends seen globally, Grok meanwhile has a 30% block rate, which the report cites as an indication that Australian businesses are taking actions to align their GenAI usage with internal risk frameworks and data protection standards.

Other actions taken to control risks include deploying company-approved GenAI apps to their workforce, applying data security safeguards, and monitoring usage patterns. But Netskope Threat Labs director Ray Canzanese warned that authorising safe channels cannot erase all the risks of shadow AI.

“We expect more individuals within organisations to experiment with generative or agentic AI deployments, which presents significant shadow AI and data security risks,” he said. “We are seeing positive signs from Australian organisations, who have been proactive in deploying data loss prevention to avoid data leaks via GenAI applications specifically, but they should now turn their attention to detecting and securing emerging and future AI systems so that teams can enjoy the benefits of AI innovation without leaving the front door wide open.”

The report can be found here.

Image credit: iStock.com/Just_Super


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd