Social networking platforms and external cloud services often used by employees are the primary targets for cybercriminals, warns cybersecurity firm Kaspersky.

According to the report, employees tend to access platforms such as YouTube, Facebook, Google Drive, Gmail and WhatsApp on corporate devices. These platforms are often targeted by cyber fraudsters in phishing attacks.

According to anonymised data analysed by the firm, the top five applications where phishing attempts were found most often were Facebook with 4.5 million phishing attempts, followed by WhatsApp with 3.7 million attempts, Amazon with 3.3 million, Apple at 3.1 million and Netflix with 2.7 million attempts.

“Google’s offerings bundled together, including YouTube, Gmail and Google Drive hold the sixth position with 1.5 million phishing attempts,” the report said.

As per the report, the top five most blocked applications on corporate devices include Facebook, Twitter, Pinterest, Instagram and LinkedIn.

“These decisions can be made for a variety of reasons, such as complying with data regulations, or in line with specific organization requirements for social media use. And while it includes Facebook, which is actively exploited by scammers, it doesn’t include messengers, file-sharing or mail services – probably because they are often used for working purposes as well as for personal needs,” the report said.

The firm advises employers to conduct cybersecurity training of employees and use proper security tools to prevent cyber attacks.

“We can’t imagine our daily lives, and work, without different web services, including social media, messenger apps and file-sharing platforms. However, it is important for any organization to understand where threats may come from and what technology and awareness measures are needed to prevent them. Businesses also need to provide their employees with comfortable use of services they require, so it is crucial to get the balance right,” said Tatyana Sidorina, a security expert at Kaspersky.