Kaspersky Lab’s anti-phishing system was triggered more than 246 million times last year, representing a 59% increase compared to 2016, according to a new report by the cyber security software provider.
Phishing has long been considered one of the most widespread and effective cyber crime methods, fuelling attacks ranging from mass emails sent to millions of people to those targeting specific individuals.
The report notes the prominence of phishing attacks centred around Bitcoin in 2017. These include fake lottery wins that supposedly pay out in bitcoins: you are asked to provide your details to collect your prize, but you are actually passing those details on to scammers.
Another campaign involves emails pretending to offer bitcoin mining tools or trading instructions. The emails contain attachments that masquerade as the advertised service but are little more than shells to deliver malware.
Kaspersky predicts that these kinds of scams will continue in 2018, but they might use cryptocurrencies other than Bitcoin. There are a number of reasons for this: cyber criminals tend to change their schemes routinely to avoid detection, people may be fearful of Bitcoin following its price crash in February 2018 and people might be more easily fooled if the messages refer to other cryptocurrencies.
Speaking to SC Magazine, Nadezhda Demidova, lead web-content analyst at Kaspersky Lab, said: “Everything will depend on the prices of crypto-currencies and the level of excitement around them. Given the level of interest around the crypto currency, not only technically savvy people are interested in this topic.”
The Kaspersky report also predicts that cyber criminals will continue to “closely monitor world events and famous figures so as not to miss any opportunity to extract money and personal info”. It singles out national elections (including the US midterms and Russian presidential election) and the 2018 FIFA World Cup as potential topics for cyber criminals to exploit.
It also cites existing phishing campaigns themed around the World Cup. Such emails usually use official logos of the event and of sponsors (such as Coca-Cola and Visa) and “say that during such-and-such lottery, supposedly held by a well-known organization, the recipient was randomly selected among a million others as the winner of a huge cash prize. Besides money, scammers sometimes promise tickets to competitions. The details are usually outlined in file attachments using official competition and sponsor logos”.
Can your employees spot a phishing attack?
When given time to think about it, people will usually be able to identify a phishing email. The problem is that they often don’t have the time to analyse every email they come across, leading them to click on a malicious link without looking closely at the content of the message or who it’s from.
The key to protecting your organisation from phishing attacks is to train staff to spot suspicious emails quickly and to take an extra moment to confirm whether a message is authentic.
Our Simulated Phishing Attack assesses your employees’ ability to do just that. The service provides an independent assessment of employee susceptibility and benchmarks your security awareness campaigns. It can help you:
- Satisfy compliance and regulatory requirements;
- Adapt future testing to areas and employees of greatest risk; and
- Reduce the number of employee clicks on malicious emails.