More users than ever experiencing phishing attack attempts


Researchers at Kaspersky Lab have documented a drastic increase in the number of web users who have been "subjected" to phishing attacks over the past year, according to a new report.

The Moscow-headquartered security firm found that 37.3 million people faced the prospect of being phished from 2012 to the present day, an 87 percent increase over the same period between 2011 and 2012.

In its "The Evolution of Phishing Attacks" study [PDF], Kaspersky Lab studied threats faced by roughly 50 million customers running its security products.

For several years, Kaspersky researchers have been warning that phishing is the preferred method for online criminals to steal information and foist malware, almost always with the goal of profit, but the process is becoming even more rapidly automated and commercialized with each passing year.

"[T]he nature of phishing attacks is such that the simplest types can be launched without any major infrastructure investments or in-depth technological research," the report said. "This situation has led to its own form of commercialization of these types of attacks, and phishing is now being almost industrialized, both by cyber criminals with professional technological skills and IT dilettantes."

Phishing can be spread in various ways, with most attacks (89 percent) appearing in the browser, versus email (11 percent), the report said.

"Phishers use several different methods to trick their potential victims," the report said. "In addition to the obvious need to create a detailed copy of a website that will be used to attack the victim, the criminals also prepare their cover story by using similar website URLs, replacing one or several characters in the name of the website, or using recognizable website names in the sub-domains.

"If the delivery channel for a phishing link is email or electronic documents (.doc, .odf, or others), malicious users will often resort to the hyperlink features typically available in most text editors and email clients," the report added. "In this case, the text of the email or document will display the link to the real site, but the link will actually lead to the website created by the malicious users."
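A defender-side check for the three tricks the report describes (replaced characters, brand names in sub-domains, and link text that differs from the real target), given as an added example that is not from the article or the Kaspersky report. The brand watchlist, the two-label `registrable()` shortcut and the constructed `.example` sample links are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRANDS = {"google": "google.com", "amazon": "amazon.com", "facebook": "facebook.com"}
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
SAMPLE = ('<a href="http://google.com.account-verify.example/login">Sign in</a>'
          '<a href="http://amaz0n.example/order">Track your order</a>'
          '<a href="http://login.payments.example/">https://www.facebook.com/security</a>'
          '<a href="https://www.amazon.com/help">www.amazon.com</a>')  # constructed sample

def registrable(host):  # assumption: last two labels; real code needs the Public Suffix List
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_findings(host):
    if registrable(host) in BRANDS.values():
        return []  # link really is on the brand's own domain
    labels, out = host.lower().rstrip(".").split("."), []
    sld = labels[-2] if len(labels) > 1 else ""
    for brand in BRANDS:
        if brand in labels:  # recognizable name used as a label on someone else's domain
            out.append("brand-in-hostname:" + brand)
        elif len(sld) == len(brand) and sum(x != y for x, y in zip(sld, brand)) in (1, 2):
            out.append("lookalike:" + brand)  # one or two characters replaced
    return out

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.reports = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            host = urlsplit(self.href).hostname or ""
            found = host_findings(host)
            shown = HOST_RE.search(self.text)  # does the visible text name a site?
            if host and shown and registrable(shown.group(1)) != registrable(host):
                found.append("text-href-mismatch")
            self.reports.append((host, found))
            self.href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    return parser.reports
```

`audit(SAMPLE)` returns one `(hostname, findings)` pair per link; an empty findings list means none of the three heuristics fired.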

As expected, popular brands like Google, Amazon and Facebook are commonly abused in phishing attacks, as are banks and other financial institutions, according to the study. Most of the scams targeted users in Russia, the United States, India, Vietnam and the U.K.

Kaspersky Lab recommended businesses employ a combination of education and technology to limit the threat.
