Kaspersky Lab has released a new report revealing that the company’s anti-phishing technologies prevented more than 482 million attempts to visit fraudulent web pages during 2018. This is a two-fold increase over 2017, when 236 million attempts were blocked, indicating a significant rise in the popularity of phishing attacks.
Phishing is one of the most versatile types of social engineering attacks. Information stolen through this type of threat can range from financial details to social media credentials, or attacks can trick users into opening a malicious attachment or link. Phishing attacks, especially of the malicious link or attachment variety, are a popular initial infection vector for targeted attacks on organizations.
The rapid growth of phishing attacks in 2018 is part of an ongoing trend. In both 2017 and 2016, Kaspersky Lab observed a 15 percent increase in phishing over the previous year; however, the 2018 figure marks a new peak for this threat.
Phishing hit the financial sector especially hard, with 44 percent of attacks detected by Kaspersky Lab technologies aimed at banks, payment systems and online shops. The country with the highest percentage of users attacked by phishing was in Brazil, with 28 percent of all users hit. Portugal, which was the seventh most attacked country in 2017, is now ranked second, with 23 percent of users facing a phishing threat in 2018. Australia moved from second to third, with 21 percent affected.
“The rise in the number of phishing attacks could be influenced by the increased efficiency of social engineering methods enticing users to visit fraudulent pages,” said Tatyana Sidorina, security researcher at Kaspersky Lab. “2018 was marked by the active exploitation of new schemes and tricks, such as scam-notifications, along with the perfection of old ones, such as the traditional scams around Black Friday or national holidays. All in all, scammers are becoming better at taking advantage of important occasions happening around the world, like the FIFA world football championship.”
Other findings of the spam and phishing in 2018 report include*:
- The share of spam in mail traffic was 52%, which is 4% less than in 2017.
- The biggest source of spam this year was China (11.69%).
- 74% of spam emails were less than 2 KB in size.
- Malicious spam was detected most commonly with the Win32.CVE-2017-11882 verdict.
- 18% of Kaspersky Lab users encountered phishing.
Kaspersky Lab experts advise the following tips to protect against phishing threats:
- Always double-check the URLs of links shared in unexpected messages or those from an unknown sender, to make sure that they genuine and do not cover another hyperlink that leads to a malicious page or download.
- If you are not sure that a website is genuine and secure, never enter your credentials or personal information. If you think that you have may have entered your login and password on a fake page, immediately change your password and call your bank or other payment provider if you think your card details may have been compromised.
- Always use a secure Wi-Fi connection, especially when visiting sensitive websites. Do not use public Wi-Fi without password If you are using an insecure connection, cybercriminals can redirect you to phishing pages without your knowledge. For added security, use VPN solutions that encrypt your traffic, such as Kaspersky Secure Connection.
- Use a security solution with behavior-based anti-phishing technologies, such as Kaspersky Security Cloud or Kaspersky Total Security, which will warn you if you are trying to visit a phishing web page.