In 2022 the system anti-Phishing of Kaspersky thwarted more than 500 million attempts accesss on fake websites, double the number compared to 2021 figures.
Delivery services, messaging platforms (messenger) and cryptocurrency services were the most frequently exploited means of deceiving victims through phishing attacks. These are some of the findings found in Kaspersky's new 2022 Spam and Phishing report.
Although spam and phishing attacks are not necessarily technologically sophisticated, their configuration relies on sophisticated social engineering tactics, making them extremely dangerous for those who cannot recognize them. Fraudsters are capable of creating phishing websites that look identical to real ones, using them to extract sensitive information or trick individuals and businesses out of money. Kaspersky experts found that throughout 2022, cybercriminals increasingly turned to phishing. In 2022, the company's anti-phishing system successfully blocked 507.851.735 malicious access attempts content, double the number of attacks prevented within 2021.
Users of delivery services were the most frequent victims of phishing attacks, accounting for 27,38% of all attempts prevented. Scammers send fake emails pretending to be from well-known delivery companies and claiming there is a problem with a delivery. The email includes a link to a fake website, which asks for personal or financial details. If the victim does not recognize the fraud, they may unwittingly share their identification and banking details, which are then sold on dark web sites. Other popular targets of phishing attacks are online stores (15,56%), payment systems (10,39%) and banks (10,39%).
Distribution of targeted organisms phishers within 2022, by category
Kaspersky experts have also identified another strong trend in the phishing landscape for 2022: an increase in attacks carried out via messenger applications, with the majority of blocked attempts coming from WhatsApp (82,71%), Telegram (14,12 .3,17%) and Viber (XNUMX%).
Cybercriminals are increasingly targeting social media accounts, taking advantage of people's curiosity and need for privacy. They use tactics like offering fake updates and verified account statuses to get users to share their login details.
An example page Phishing which mimics a social media notification
In addition, according to experts, cybercriminals continue to exploit people's fears and anxieties related to the pandemic, as well as use cryptocurrency scams to extract sensitive information. These scammers take advantage of people's fears and anxieties to steal their sensitive information.
"The Phishing is one of the most prevalent and destructive threats in the cybersecurity landscape, as pages Phishing they are often the first step in a series of cyber threats that can lead to the loss of personal data, money and defamation of both individuals and businesses. It is vital for everyone to understand the threat and take steps to protect themselves." according to Olga Svistunova, security expert at Kaspersky.
In order to avoid becoming a victim spam mail or press fraud Phishing, its experts Kaspersky they recommend the following:
- Only open emails and click on links if you are sure you can trust the sender.
- When a sender exists but the content of the message seems strange, it is worth performing a verification check through an alternative communication channel with the sender.
- Check her spelling addresss URL of a website if you suspect it is a phishing page. If so, the URL may contain errors that are hard to spot at first glance, such as 1 instead of I or 0 instead of O.
- Use a proven security solution when surfing the web. Thanks to access to international base information about the threat landscape, these solutions are able to detect and block spam and phishing campaigns.
Read more about Spam and Phishing in 2022 in the report published on Securelist.com.
