IT Security

Phishing attack study

by Mark Rowe

More than a quarter, 28.8 per cent, of phishing attacks in 2014 were intended to steal financial data from users, it’s suggested.

While carrying out their scams, cybercriminals have shifted their focus from bank brands to payment systems and online shopping sites, the IT security firm Kaspersky Lab says. The study of 2014 found:

Cybercriminals used the names of well-known banks in 16.3 per cent of attacks; in 2013, the level of bank phishing was 22.2 per cent

In the Payment Systems category, cybercriminals mostly targeted data belonging to users of Visa cards (31.02 per cent of detections in the Payment Systems category), PayPal (30.03 per cent of detections) and American Express (24.6 per cent)

The names of well-known online shopping sites were used in 7.3 per cent of attacks (6.5 per cent in 2013)

In 5.1 per cent of cases, Kaspersky Lab’s protection technologies were triggered by phishing pages mentioning payment systems, which is 2.4 percentage points more than in 2013.

Phishing is a type of Internet fraud that is used by cybercriminals to lure users into providing their data (account logins and passwords and other personal information) by creating fake web pages to imitate popular online resources.

Last year, the proportion of financial phishing to all phishing attacks fell by 2.7 percentage points compared to 2013, mainly due to a decrease in banking phishing. At the same time, there was proportionally more phishing targeting other financial categories.

In the Payment Systems category, cybercriminals mostly targeted data belonging to users of Visa cards (31.02 per cent of detections in the Payment Systems category), PayPal (30.03 per cent of detections) and American Express (24.6 per cent). A the same time, in 2014 detections for phishing pages mentioning PayPal saw their share fall by 14.09 percentage points compared to 2013.

Amazon remains the most commonly-attacked brand in the online shopping category – 31.7 per cent of attacks in this category used phishing pages mentioning Amazon. However, this is 29.41 percentage points less than in the previous year.

Nadezhda Demidova, web content analyst at Kaspersky Lab said: “The rise in financial phishing that we saw in the past has naturally drawn a response from the brands most frequently abused in phishing scams – they are beginning to tackle phishing distribution channels, especially email spam, more actively. That leads to a reduction in the levels of phishing that targets some of the larger brands. However, cybercriminals immediately responded by targeting new ‘markets’. For example, in 2014 we saw a large number of phishing scams based on websites that sell plane tickets. These are targets that used to be seen fairly infrequently in phishing scams.”

Kaspersky Lab staff also recorded an increase in the proportion of financial phishing attacks against Mac OS X users.

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing