Skip to content


The number of phishing attacks using legitimate software-as-a-service (SaaS) platforms has risen by 1100% since June 2021, according to a report published by Palo Alto Networks Unit 42. Notably, there has been a recent huge spike in the number of detected phishing URLs hosted on SaaS platforms since May 2022.

Many threat actors use these platforms to get around URL detection systems, such as those used to scan emails. By hosting their malicious site on a legitimate platform, a phishing email containing a link to one of these sites is less likely to be flagged as malicious and has a higher chance of reaching the intended target.

Unit 42 has noted that as many of these SaaS platforms are designed to be easy to use with little or no coding skills required, the barrier for entry to creating and launching phishing attacks has been significantly lowered, perhaps contributing to the recent sharp rise in phishing URL’s detected and created using SaaS.

The number of phishing URLs hosted on legitimate SaaS Platforms. Source:


Phishing attacks are one of the most used methods by hackers to gain access to a system. To reduce the chances of a phishing attack from becoming successful:

  • Turn on spam filters and investigate possible anti-phishing solutions. Using systems that detect phishing emails can help prevent these emails from reaching your users.
  • Train staff to spot the signs of a phishing attack, such as looking for spelling mistakes, bad grammar, odd email handles and urgent requests.
  • Should a phishing email land in your inbox, notify all staff to look out for similar emails. If possible, block the email domain and IP address.
  • Create an atmosphere of trust within your organisation – ask staff to report any phishing emails as soon as possible, especially if they have clicked on any links or files within the email.

Related Links: