Kaspersky Lab's latest "Spam and Phishing Report" has shown that spam emails have become more dangerous, although their volume has declined. At the same time, the level of malicious attempts through mail has increased dramatically.
In particular, in 2016 in March, Kaspersky Lab's products prevented 22.890.956 attempting to "infect" users through malicious e-mail files, twice as many as those attempted in February of 2016.
Since 2012, the level of messages spam in the total volume of emails is constantly decreasing.
However, the volume of emails containing malicious attachments has increased significantly since the first quarter of 2016 was 3,3 times higher compared to the same 2015 period.
There was also an increase in the volume of ransomware recorded during the quarter, which are often spread via email containing "infected" file attachments (eg Word documents). The main threat actor in this area in the first quarter was ransomware Trojan Locky, which is distributed via email, in different languages, and has been targeted against targets in at least 114 countries. Locky's email contained fraudulent data from financial institutions, cheating users and forcing them to open the dangerous attachment file.
Kaspersky Lab's findings show that digital fraudsters are increasingly using such messages to target Internet users, because browsing the Internet is becoming more secure. Almost all popular browsers have now deployed security and anti-phishing protection tools, making it harder for digital criminals to spread malware through "infected" websites.
In the first quarter of 2016, digital fraudsters tried to lure users to open malicious archives, earning their attention by email about terrorism, an issue that is always in the news. Many countries have stepped up security measures to prevent terrorist attacks, so this has become a particularly popular issue for spam emails.
Some scammers tried to convince recipients that the file attached to the spam email contained a new mobile app Appliances, which could detect an explosive device, once installed.
The email emphasized that the Ministry Defense των ΗΠΑ είχε ανακαλύψει αυτή την τεχνολογία και ότι ήταν αρκετά απλή και προσιτή. Το συνημμένο περιείχε συνήθως ένα εκτελέσιμο αρχείο, το οποίο εντοπίζεται με την κωδική ονομασία “Trojan-Dropper.Win32.Dapato”. This malware can intercept users' personal information, organize DDoS attacks and install other malware.
Also, even the scammers using the known technique Nigerian spam, resorted to the use of terrorism-related issues in their emails. According to Kaspersky Lab's report, the volume of these emails has increased significantly.
These spammers previously preferred to send lengthy emails that contained a detailed story and links to news to make them more convincing. However, they are now only sending short messages without details, asking the recipients to contact them.
"Unfortunately, we see our previous predictions about criminalizing spam becoming a reality. Scammers use different methods to attract users' attention and throw their defenses. Spammers also use a variety of social engineer languages and methods, multiple types of malicious attachments, and partial personalization of email to make them more convincing. False messages often mimic alerts from well-known organizations and agencies. All of the above means that spam passes to a new, dangerous level, warns Daria Gudkova, Kaspersky Lab's Spam Analysis Expert.
More information about the spam and phishing landscape for the first quarter of 2016 is available on the site Securelist.com.