2022 the system anti-Phishing of Kaspersky prevented more than 500 million attempts to access fake websites, double the number compared to 2021 figures.
Delivery services, messaging platforms (messenger) and cryptocurrency services were the means most often exploited to deceive victims through phishing attacks. These are some of the findings found in Kaspersky's new 2022 Spam and Phishing report.
Although spam and phishing attacks are not necessarily technologically sophisticated, their configuration relies on sophisticated social engineering tactics, making them extremely dangerous for those who cannot recognize them. Fraudsters are capable of creating phishing websites that look identical to real ones, using them to extract sensitive information or trick individuals and businesses out of money. Kaspersky experts discovered that, throughout the duration of 2022, cybercriminals increasingly turned to phishing. In 2022, the company's anti-phishing system successfully blocked 507.851.735 attempts to access malicious content, double the number of attacks prevented in 2021.
Users of delivery services were the most frequent victims of phishing attacks, accounting for 27,38% of all attempts prevented. Scammers send fake emails pretending to be from well-known delivery companies and claim it exists problem with a tradition. The email includes a link to a fake website, which asks for personal or financial details. If the victim does not recognize the fraud, they may unwittingly share their identification and banking details, which are then sold to dark web sites. Other popular targets of phishing attacks are online stores (15,56%), payment systems (10,39%) and banks (10,39%).
Distribution of targeted organisms phishers within 2022, by category
Kaspersky experts have also identified another strong trend in the phishing landscape for 2022: an increase in attacks carried out via messenger apps, with the majority of blocked attempts coming from WhatsApp (82,71%), the Telegram (14,12%) and Viber (3,17%).
Cybercriminals are increasingly targeting social media accounts, taking advantage of people's curiosity and need for privacy. They use tactics like offering fake updates and verified account statuses to get users to share their login details.
An example page Phishing which mimics a social media notification
In addition, according to experts, cybercriminals continue to exploit people's fears and anxieties related to the pandemic, as well as use cryptocurrency scams to extract sensitive information. These scammers take advantage of people's fears and anxieties to steal their sensitive information.
"The Phishing is one of the most prevalent and destructive threats in the cybersecurity landscape, as pages Phishing they are often the first step in a series of cyber threats that can lead to the loss of personal data, money and defamation of both individuals and businesses. It is vital for everyone to understand the threat and take steps to protect themselves." according to Olga Svistunova, security expert at Kaspersky.
In order to avoid becoming a victim spam mail or press fraud Phishing, its experts Kaspersky they recommend the following:
- Open the emails and do click on links only if you are sure you can trust the sender.
- When a sender exists but the content of the message seems strange, it is worth performing a verification check through an alternative communication channel with the sender.
- Check the spelling of a website's URL if you suspect it is a phishing page. If so, the URL may contain errors that are hard to spot at first glance, such as 1 instead of I or 0 instead of O.
- Use a proven security solution when surfing the web. Thanks to access to a global intelligence base on the threat landscape, these solutions are able to detect and block spam and phishing campaigns.
Read more about Spam and Phishing in 2022 in the report published on Securelist.com.
