Kaspersky Lab’s anti-phishing system blocked more than 482 million visits to fake websites during 2018, more than twice as many as 2017 when 236 million similar attempts were blocked. Annual increases in the number of phishing attacks have been observed in recent years, but for 2018 there is a significant increase in such attacks. These and other findings are recorded in Kaspersky Lab’s new report, Spam and Phishing in 2018.
Phishing is one of the most versatile attack tools using the “social engineering” method, as it can be masked in many ways and used for different purposes. To create a phishing page, all you need to do is make a copy of a trusted site, attract naughty users to the site, and mislead them to enter personal information.
The rapid rise in phishing attacks in 2018 is part of a large current trend (2017 and 2016 have seen consistent increases of 15% over previous years). However, 2018 is marked by a new record.
The financial sector has suffered particularly severe shocks: More than 44% of all Kaspersky Lab-targeted e-phishing attacks targeted banks, payment systems and online stores. This means that in 2018 the number of phishing financial attacks was the same as the total number of phishing attacks detected in 2017.
“The increase in the number of phishing attacks can be affected by the increasing efficiency of social engineering methods used to lure users to visit insecure pages. In 2018, it was marked by the active exploitation of new shapes and bays, such as misleading updates, combined with the refinement of traditional methods, such as scams during Black Friday and other national holidays. In conclusion, aspiring hackers are getting better when they take advantage of major international circumstances, such as the World Championship of National Soccer Teams”,
said Tatyana Scherbakova, security researcher at Kaspersky Lab.
Other findings of the spam and phishing report in 2018 include:
- The percentage of spam in email traffic reached 52.48%.
- The biggest source of spam this year was China (11.69%).
- 74.15% of unwanted emails were smaller than 2 KB in size.
- Malicious spam was most commonly detected under the name Win32.CVE-2017-11882.
- The Anti-Phishing system was activated 482,465,211 times.
- 18.32% of unique users have experienced phishing attacks.
Kaspersky Lab experts advise users to take the following steps to protect themselves from phishing attacks:
- Always check e-mail addresses in unknown or unexpected messages, be it the web address of the site they are addressed to, the link address in a message, or the sender’s email address to make sure they are authentic and that the link in the message does not cover another hyperlink.
- If you are not sure that the site is genuine and secure, never log in your login information. If you think you may have entered your login and password on a fake page, change your password immediately and call your bank if you think your card details have been violated.
- Always use a secure connection, especially when you visit sensitive sites. Do not use unknown or public Wi-Fi that is not password protected. If you use a bad connection, digital criminals can redirect you to phishing pages without you knowing it. For maximum protection, use VPN solutions that encrypt your move, such as Kaspersky Secure Connection.
- Use an appropriate security solution with behavior-based behavioral technologies such as Kaspersky Security Cloud and Kaspersky Total Security, which will alert you if you are trying to visit a phishing site.