In 2022 the system anti-Phishing of Kaspersky prevented more than 500 million attempts to access fake websites, double the number compared to 2021 figures.
Delivery services, messaging platforms (messenger) and cryptocurrency services were the means most often exploited to deceive victims through phishing attacks. These are some of the findings found in Kaspersky's new 2022 Spam and Phishing report.
Παρότι οι επιθέσεις spam και phishing δεν είναι απαραίτητα περίπλοκες από τεχνολογική άποψη, η διαμόρφωσή τους βασίζεται σε εξελιγμένες τακτικές κοινωνικής μηχανικής, καθιστώντας τις εξαιρετικά επικίνδυνες για όσους δεν μπορούν να τις αναγνωρίσουν. Οι απατεώνες είναι ικανοί να δημιουργήσουν phising ιστοτόπους που φαίνονται πανομοιότυποι με τους αληθινούς, χρησιμοποιώντας τους για να αποσπάσουν ευαίσθητες πληροφορίες ή να εξαπατήσουν πρόσωπα και επιχειρήσεις αποσπώντας τους χρήματα. Οι ειδικοί της Kaspersky ανακάλυψαν ότι, καθ’ όλη τη διάρκεια του 2022, οι κυβερνοεγκληματίες στράφηκαν όλο και περισσότερο στο phishing. Το 2022 το σύστημα anti-phishing της εταιρείας απέκλεισε με επιτυχία 507.851.735 προσπάθειες πρόσβασης σε κακόβουλο περιεχόμενο, αριθμός διπλάσιος από τον αριθμό των επιθέσεων που αποτράπηκαν εντός του 2021.
Users of delivery services were the most frequent victims of phishing attacks, accounting for 27,38% of all attempts prevented. Scammers send fake emails pretending to be from well-known delivery companies and claiming there is a problem with a delivery. The email includes a link to a fake website, which asks for personal or financial details. If the victim does not recognize the fraud, they may unwittingly share their identification and banking details, which are then sold on dark web sites. Other popular targets of phishing attacks are online stores (15,56%), payment systems (10,39%) and banks (10,39%).
Distribution of targeted organisms phishers within 2022, by category
Kaspersky experts have also identified another strong trend in the phishing landscape for 2022: an increase in attacks carried out via messenger applications, with the majority of blocked attempts coming from WhatsApp (82,71%), Telegram (14,12 .3,17%) and Viber (XNUMX%).
Cybercriminals are increasingly targeting social media accounts, taking advantage of people's curiosity and need for privacy. They use tactics like offering fake updates and verified account statuses to get users to share their login details.
An example page Phishing which mimics a social media notification
In addition, according to experts, cybercriminals continue to exploit people's fears and anxieties related to the pandemic, as well as use cryptocurrency scams to extract sensitive information. These scammers take advantage of people's fears and anxieties to steal their sensitive information.
"The Phishing is one of the most prevalent and destructive threats in the cybersecurity landscape, as pages Phishing they are often the first step in a series of cyber threats that can lead to the loss of personal data, money and defamation of both individuals and businesses. It is vital for everyone to understand the threat and take steps to protect themselves." according to Olga Svistunova, security expert at Kaspersky.
In order to avoid becoming a victim spam mail or press fraud Phishing, its experts Kaspersky they recommend the following:
- Only open emails and click on links if you are sure you can trust the sender.
- When a sender exists but the content of the message seems strange, it is worth performing a verification check through an alternative communication channel with the sender.
- Check the spelling of a website's URL if you suspect it is a phishing page. If so, the URL may contain errors that are hard to spot at first glance, such as 1 instead of I or 0 instead of O.
- Use a proven security solution when surfing the web. Thanks to access to a global intelligence base on the threat landscape, these solutions are able to detect and block spam and phishing campaigns.
Read more about Spam and Phishing in 2022 in the report published on Securelist.com.