Kaspersky records 130 million phishing attacks in Q2 2019

Kaspersky Labs latest report on phishing found that attacks have jumped 16% in the second quarter of 2019, compared to the same quarter in 2018.  

Cyber criminals are continuing to take advantage of the trust between individuals and companies by using fake registration, subscription and feedback forms to get victims to reveal their personal details.

 

Looking at the stats

Kaspersky detected 129.9 million phishing redirects in the second quarter of this year; this accounted for part of the global torrent of spam email, which comprised 57.6% of all email traffic. The most targeted organisations were banks (30.7%), payment systems (20.1%), global Internet portals (18%), social networks (9%) and online stores (7.1%). 

Greece came top for the proportion of Kaspersky users targeted by phishing (26.2%)followed by Venezuela (25.7%), Brazil (20.9%) and Australia (17.7%). 

The source of spam emails was topped by China (23.7%), followed by the US (13.8%)Russia (4.8%)Brazil (4.6%) and France (3.1%). 

Sources of spam by country, via Kaspersky

Sources of spam by country, via Kaspersky 

Maria Vergelis, a security researcher at Kaspersky, notes that cyber criminals are constantly changing their tactics and looking for new ways to deliver spam and launch phishing attacks:  

“For example, they’re trying to exploit some popular legitimate services (such as online calendars), or use contact forms and registration services on sitesSuch tricks allow them to send messages with legitimate headers and increase delivery rate. Of course, the main task of MSPs [managed service providers] and vendors now is to monitor such trends to react on time and improve their detection products.” 

 

Top exploits in Q2 2019

 

1.Spam through Cloud-based storage services 

Cyber criminals are using Cloud-based storage services such as Google Drive to mask their content and make malicious links appear trustworthyMeanwhile, Google Calendar is being used to send meeting invitations containing malicious links, and Google Forms is being used to create bogus forms or surveys to collect victims’ personal data. 

 

2. Baiting victims through sporting events, TV shows and films  

The 2019 UEFA Europa League Final, the final season of Game of Thrones and the release of Avengers: Endgame were just some of the major entertainment events to be exploited by crooks.  

Examples include invitations to watch sports broadcasts, and filling in a form to get codes for a Game of Thrones mobile game. The scams involved asking the user to take a survey, provide details, subscribe to a service, install adware and so on, which are not only intrusive, they potentially hand over personal data and credit card information to the scammers. And, in the end, you don’t even get to watch the Avengers. 

 

3. Tax refunds 

In many countries, the second quarter of the year is the deadline for submitting tax returns. 

It can be a stressful, hectic time, which cyber criminals capitalise on by sending phishing emails that say the recipient is entitled to a tax refund, but only if they act urgently. 

In examples detected by Kaspersky, the aim of such emails was to acquire personal information including bank card details and CVV codes.   

 

4. Tourist phishing 

People are increasingly falling victim to holiday and travel scams. 

Kaspersky recorded a high number of phishing attacks targeting tourists and jet-setters with promises of cheap accommodation and flights. Links in phishing emails purportedly from organisations such as Airbnb, Expedia and Booking.com directed victims to fake websites with forms where they could enter their personal details. 

 

Example of mirror image website used in phishing scams, via Kaspersky

Example of mirror image website used in phishing scams, via Kaspersky 

 

5. Email services 

Cyber criminals are imitating email services to steal login credentials from their victims. 

These phishing emails are designed to look authentic, often including the email service’s logo and an email address almost identical to the service’s address. The emails usually say there is a problem with the user’s account, with instructions to click a link or open an attachment, and a threat of what will happen should the user fail to take action.  

 

How to spot and avoid a scam

Our top tips for spotting and avoiding a scam 

  1. Always check the link address and senders email before clicking links in any emails. 
  2. Look out for spelling and grammar mistakes. 
  3. Never download or open unsolicited email attachments from unfamiliar addresses. 
  4. Be suspicious of emails that create a sense of urgency and ask you to verify personal information. 

 

How to spot a phishing attack

 

Protect your organisation from phishing emails

Remember these tips and look out for other clues so that you can spot a suspicious email before it’s too late.    

Phishing and ransomware staff awareness course

Organisations that want to make their employees more vigilant should consider our Phishing and Ransomware – Human patch e-learning course. 

This online training course is the perfect introduction to phishing, providing a crash course in email-based threats. In just a few minutes, you and your staff will understand what phishing is, how it works and what to look out for. 

Buy now >>


Further reading:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.