2018 was the year of phishing. Kaspersky Lab’s Spam and phishing in 2018 report claims that its anti-phishing system prevented more than 482 million phishing attempts last year.
Other key findings:
• More than half of all emails in 2018 were spam (52.48%).
• The most common type of phishing attack detected involved the CVE-2017-11882 exploit, which allows an attacker to execute code remotely on a user’s machine after a malicious attachment is opened.
• 18% of Kaspersky Lab users encountered phishing last year.
• The share of spam emails under 2KB rose significantly to 74.15%, an increase of 30.75% on the previous year.
Nowadays, it’s easy to create or mimic a web page and use it to trick users into handing over their personal information. Because of this, it can be very difficult for an organisation to avoid a phishing attack, and the consequences can be significant: loss of money, damage to the corporate network, having to provide remedial training for employees, and severe harm to its reputation.
2018: a significant rise
Since 2016, phishing attacks have risen very quickly, including a 15% rise between 2016 and 2017. The financial sector was hit especially hard: over 44% of all phishing attacks detected by Kaspersky Lab were aimed at banks, payment systems and online shops.
Last year, Germany suffered the most phishing attacks detected by Kaspersky (30.6% of all attacks globally). Meanwhile, Brazil recorded the highest proportion of attacks against individuals, with 28% of all Kaspersky users coming under attack, followed by Portugal (23%) and Australia (21%).
Tatyana Scherbakova, security researcher at Kaspersky Lab, says: “The rise in the number of phishing attacks could be influenced by the increased efficiency of social engineering methods used for enticing users to visit fraudulent pages. 2018 was marked by the active exploitation of new schemes and tricks, such as scam-notifications, along with the perfection of old ones, for instance the traditional scams around Black Friday or national holidays. All in all, scammers are becoming better at taking advantage of important occasions happening around the world, like the FIFA world football championship.”
Last year’s FIFA world football championship was a major event, and cyber criminals took the opportunity to create fake FIFA partner web pages to gain access to users’ bank accounts, and to set up fake login pages to loot FIFA.com users’ accounts.
How can we help your organisation?
Our Phishing Staff Awareness E-learning Course helps organisations and their employees identify and understand phishing attacks, explains what could happen should they fall victim, and shows how they can mitigate the threat of an attack.
Ensure your staff take security and compliance as seriously as you do. Take a free trial today.