Case Studies

Banking phishing schemes

by Mark Rowe

Almost half of all phishing attacks (fraudulent email messages or copycat websites that appear legitimate) registered in 2016 by an IT security firm’s heuristic detection technologies were aimed at stealing victims’ money, according to an analysis of the financial threat landscape by the company, Kaspersky Lab.

Compared to 2015, the share of financial phishing attacks increased by 13.14 percentage points in 2016, to 47.48 per cent of all phishing attacks blocked by heuristic detection, according to Kaspersky.

In 2016 the Lab’s anti-phishing technologies detected almost 155 million user attempts to visit different kinds of phishing pages. Of those, almost half of heuristic detections were attempts to visit a financial phishing page, where the aim was to obtain valuable personal information from users, such as their account numbers for banking, credit accounts, social security numbers, and the logins and passwords they use to access online banking. The cybercriminals intended to use this information to steal money from their victims. This is the highest share of financial phishing registered to date by the Lab.

Every fourth (25.76 per cent) attack used fake online banking information, or other content related to banks – a result that is 8.31 percentage points up on 2015. The share of phishing related to payment systems and e-shops accounted for 11.55 per cent and 10.14 per cent respectively. The share of financial phishing detected on macOS computers was 31.38 per cent.

Financial phishers are particularly keen to use data related to top multi-national banks, popular payment systems and internet shops and auctions from the US, China and Brazil in their scams. The list of brands used stays the same from year to year, as their popularity remains high and they are therefore a lucrative target for cyber-criminals, according to the IT firm.

Nadezhda Demidova, senior web content analyst at Kaspersky Lab, said: “Financial phishing has always been one of the easiest ways for cybercriminals to earn illegal money. You don’t have to be a skilled programmer, and you don’t have to invest lots of money into supporting infrastructure. Of course, most phishing schemes are easy to recognise and avoid, but judging by what we see in our statistics, lots of people are still not cautious enough when it comes to dealing with financial data online. Otherwise, we wouldn’t have seen so many attacks in 2016.”

Visit the blog at https://securelist.com/.
