After collecting data for its ‘Financial cyber threats in 2013’ study, Kaspersky Lab reported that cybercriminals are aggressively trying to acquire confidential user information and steal money from bank accounts by creating fake sites that mimic financial organisations. In 2013, 31.45% of phishing attacks capitalised on the names of leading banks, online stores and e-payment systems, an 8.5% increase from the previous year.
Phishing is a method commonly used by cybercriminals to obtain confidential user data with the help of fake web pages that imitate real sites. Unlike malware created for specific devices or operating systems, phishing attacks threaten all devices that can access web pages. This is why phishing is very popular with scammers – in 2013 alone, Kaspersky Lab products protected about 39.6 million users from this threat. In total, Kaspersky Lab’s heuristic anti-phishing technologies blocked 330 million attacks.
Phishing sites aimed at harvesting users’ financial details usually mimic popular online stores, e-payment systems and online banking systems down to a “T” and are very hard to distinguish, especially for unsuspecting users. In 2013, the most attractive targets were banks, which were used in 70.6% of all financial phishing. That’s a major increase from 2012 when bank phishing represented just 52%. Overall, fake bank websites were involved in twice as many (22.2%) phishing attacks in 2013.
Most cyber-scammers only take advantage of major companies with large client databases. For example, about 60% of all phishing attacks using fake bank pages exploited the names of just 25 organisations. As for the “favourites” when it comes to e-payment systems, 88.3% of phishing attacks involved one of four international brands: PayPal, American Express, MasterCard and Visa.
When it comes to exploiting the names of online stores, Amazon.com has been the “leader” for several years in a row. Over the reported period, its name was used in 61% of online trade-related phishing attacks. The Top 3 also includes Apple and eBay.
“Phishing attacks are so popular because they are simple to deploy and extremely effective. It is often not easy for even advanced Internet users to distinguish a well-designed fraudulent site from a legitimate page, which makes it even more important to install a specialised protection solution. In addition, phishing causes reputational and financial damage to organisations that see their brands exploited in phishing attacks,” commented Sergey Lozhkin, Senior Security Researcher at Kaspersky Lab.
Finally, phishing attacks don’t just begin and end at websites of financial institutions or deal with cash – they also frequently attack via social networking sites. In 2013, the number of attacks using fake pages of Facebook and other social networking sites grew by 6.8% and accounted for 35.4% of the total.