Phishing is one of the most flexible types of ‘social engineering’ attack, as it can be disguised in many ways and used for different purposes. To create a phishing page, all one needs to do is create a replica of a popular or trusted website, lure unwary users to the site and trick them into entering personal information. Such information often includes financial credentials such as bank account passwords or payment card details, or access credentials for social media accounts. It could also be a case of getting someone to open an attachment or click on a link that then downloads malware onto their computer. The consequences of such attacks may range from a loss of money to the compromise of an entire corporate network. Phishing attacks, especially of the malicious link or attachment variety are a popular initial infection vector for targeted attacks on organizations.
The rapid growth of phishing attacks in 2018 is part of a long running trend, with both 2017 and 2016 experiencing increases of 15% on the previous year. However, the 2018 figure marks a new peak.
The financial sector was hit especially hard: Over 44% of all phishing attacks detected by Kaspersky Lab technologies were aimed at banks, payment systems and online shops. This means that there were almost as many financial phishing attacks in 2018 as there were phishing attacks overall in 2017.
The country with the highest percentage of users attacked by phishing remained Brazil with 28% of all attacked users. Portugal, which was in 7th place a year ago, is now ranked second with 23% of users, while Australia moved from second to third, with 21% of those affected.
“The rise in the number of phishing attacks could be influenced by the increased efficiency of social engineering methods used for enticing users to visit fraudulent pages. 2018 was marked by the active exploitation of new schemes and tricks, such as scam-notifications, along with the perfection of old ones, for instance the traditional scams around Black Friday or national holidays. All in all, scammers are becoming better at taking advantage of important occasions happening around the world, like the FIFA world football championship,” said Tatyana Sidorina, security researcher at Kaspersky Lab.
Other findings of the spam and phishing in 2018 report include:
Kaspersky Lab experts advise users to take the following measures to protect themselves from phishing:
Find more details about spam and phishing in 2018 on Securelist.com
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.