Kaspersky released data showing that its anti-phishing system prevented more than 500 million
attempts at accessing fraudulent websites in 2022. That was double the 2021
figures. The most commonly used bait for these attacks were delivery services,
messengers, and cryptocurrency platforms. These and other findings can be found
in Kaspersky's new
Spam and Phishing in 2022 report.
Although
spam and phishing attacks are not necessarily complex from a technological standpoint,
they rely on sophisticated social engineering tactics, making them highly
dangerous to those who are not aware of them. Targeting both individuals and
organizations, fraudsters are skilled at creating phishing web pages identical
to the original websites that collect private user data or encourage the
transfer of money. Kaspersky experts discovered that throughout 2022, cybercriminals
increasingly turned to phishing. The company's anti-phishing system
successfully blocked 507,851,735 attempts to access fraudulent content in 2022,
twice the number of attacks thwarted in 2021.
Users
of delivery services were the most frequent targets of phishing attacks, making
up 27.38% of all blocked attempts. Fraudsters send fake emails pretending to be
from well-known delivery companies and claim there is an issue with a delivery.
The email includes a link to a fake website, which asks for personal
information or financial details. If the victim falls for the scam, they could
lose their identity and banking information, which may be sold on
the dark web. Other popular targets of phishing attacks include users of online
stores (15.56%), payment systems (10.39%), and banks (10.39%).
Distribution of organizations targeted by
phishers, by category, 2022
Kaspersky experts also highlighted the following trend in the phishing
landscape of 2022: an increase in the distribution of attacks through
messengers, with the majority of blocked attempts coming from WhatsApp
(82.71%), followed by Telegram (14.12%) and Viber (3.17%).
There is also growing demand among cybercriminals for social media
credentials, with criminals exploiting people's curiosity and desire for
privacy by offering fake updates and verified account status on social media
platforms.
An example of phishing page mimicking a social
media alert
The experts also found that cryptocurrency scams and the ongoing
pandemic are still being used by phishing attackers to steal sensitive information
from people. These scammers are taking advantage of people's fears to steal
their sensitive information.
"Phishing is one of the most prevalent and pernicious threats in
the cybersecurity landscape," said Olga Svistunova, security expert at Kaspersky.
"Being the gateway to many of the worst cyber threats, phishing pages are the
first step in a long chain of events that can result in identity theft,
financial loss, and reputational damage for both individual consumers and
businesses. It's crucial for everyone to understand the threat and take action
to protect themselves."
In order to
avoid becoming a victim of spam or phishing-based scams, Kaspersky experts
advise the following:
- Only open emails
and click links if you are sure you can trust the sender.
- When a sender is
legitimate but the content of the message seems strange, it is worth checking
with the sender via an alternative communication channel.
- Check the
spelling of a website's URL if you suspect that you are faced with a phishing
page. If you are, the URL may contain mistakes that are hard to spot at first
glance, such as a 1 instead of I or 0 instead of O.
- Use a proven security
solution when surfing the web. Thanks to access to
international threat intelligence sources, these solutions are capable of
spotting and blocking spam and phishing campaigns.
Read more about Spam and Phishing in 2022 in the report published
on Securelist.com.