Phishing is often considered one of the most deceptive types of cyber attack because it relies on social engineering techniques and may go unnoticed. Unfortunately, it is becoming more and more common.
Kaspersky Lab’s anti-phishing system prevented over 137 million attempts to visit fake web sites in the third quarter of 2018. The number of attacks is 27.5% higher than the number of attacks in the previous quarter, a percentage pointing to rapid growth of phishing attacks.
Specifically, in the third quarter, 137,382,124 attempts were made to visit phishing sites, more than half the figure recorded throughout the year 2017. The rapid increase in phishing attacks continues the trend in previous quarters of 2018. This translates into over 1.5 million phishing attacks every day.
The financial segment has been greatly affected: over a third of all phishing attacks targeted banks, payment systems and e-commerce – up from 20% in Q2. Phishing attacks on social networks accounted for 6% of total attacks.
The country with the highest percentage of attacked users in the third quarter was Guatemala, at nearly 19%, overtaking Brazil, the previous quarter's leader, which came second by a small margin with 18.6%. Spain ranks third with 17.5% of users targeted by phishing attacks.
How do these attacks work, so that you know how not to fall prey to them? In most cases, offenders create a copy of a known landing page, and the victim is encouraged to enter their authentication data along with any other valuable information, or to pay for non-existent services.
The consequences of such attacks may range from financial losses to the compromise of entire organizations, where employees have not been careful enough and have given offenders the authentication data needed to access the system.
If you saw the HBO series Hackerville, then you know that the Romanian hackers chose this method to compromise a bank in Germany. They sent a bank employee an email that appeared to come from his boss, but it concealed malware that affected the company's servers.
If you do not want to have issues with phishing attacks then you should consider the following tips:
- Always check the link address and the sender's e-mail address (even if the mail appears to come from your boss) to see if they are real, before doing anything. Better still, do not click the link; type the address into the browser's address bar, so that the link text shown in the message cannot hide a different address.
- If you are not sure that the site / sender is real and trustworthy, do not enter your authentication data. If you think you have entered your username and password on a fake page, change your password immediately!
- Use only a secure connection, especially when you visit pages that handle sensitive data. Do not connect to unknown or public Wi-Fi networks without password protection. For maximum security, you can install a VPN solution that encrypts traffic. On an unprotected connection, cybercriminals can redirect you, without your knowledge, to phishing pages.
- Use a security solution with behavior-based anti-phishing technologies.