Annual rises in the number of phishing attacks have been observed for the last few years, says a cyber firm, yet the figure for 2018 indicates a significant surge in the use and popularity of such attacks. These and other findings are documented in Kaspersky Lab’s new report, Spam and phishing in 2018.
Phishing is one of the most flexible types of ‘social engineering’ attack, as it can be disguised in many ways and used for different purposes. To create a phishing page, all one needs to do is create a replica of a popular or trusted website, lure unwary users to the site and trick them into entering personal information, such as financial credentials – bank account passwords or payment card details – or access credentials for social media accounts. It could also be a case of getting someone to open an attachment or click on a link that then downloads malware onto their computer. The consequences of such attacks may range from a loss of money to the compromise of an entire corporate network. Phishing attacks, especially of the malicious link or attachment variety, are a popular initial infection vector for targeted attacks on organisations.
The rapid growth of phishing attacks in 2018 is part of a long-running trend, with both 2017 and 2016 experiencing increases of 15 per cent on the previous year. However, the 2018 figure marks a new peak, says Kaspersky. More details at Securelist.com.
The financial sector was hit especially hard: over 44pc of all phishing attacks detected by Kaspersky Lab technologies were aimed at banks, payment systems and online shops. This means that there were almost as many financial phishing attacks in 2018 as there were phishing attacks overall in 2017. The country with the highest percentage of users attacked by phishing remained Brazil with 28pc of all attacked users. Portugal, which was in seventh place a year ago, is now ranked second with 23pc of users, while Australia moved from second to third, with 21pc of those affected.
Tatyana Scherbakova, security researcher at Kaspersky Lab, said: “The rise in the number of phishing attacks could be influenced by the increased efficiency of social engineering methods used for enticing users to visit fraudulent pages. 2018 was marked by the active exploitation of new schemes and tricks, such as scam-notifications, along with the perfection of old ones, for instance the traditional scams around Black Friday or national holidays. All in all, scammers are becoming better at taking advantage of important occasions happening around the world, like the FIFA world football championship.”
The biggest source of spam this year was China (at 11.69pc of the total). Nearly three-quarters (74.15pc) of spam emails were less than 2 KB in size.
Advice to users
Always check online addresses in unknown or unexpected messages, whether it is the web address of the site to which you are directed, the link address in a message or even the sender’s email address, to make sure they are genuine and that the link in the message doesn’t cover another hyperlink. If you are not sure that the website is genuine and secure, never enter your credentials. If you think that you may have entered your login and password on a fake page, immediately change your password, and call your bank or other payment provider if you think your card details were compromised. Always use a secure connection, especially when you visit sensitive websites. Do not use unknown or public Wi-Fi without password protection.