Global cybersecurity company Kaspersky Lab has said that its anti-phishing system prevented more than 482 million attempts to visit fraudulent webpages during 2018, a two-fold increase on 2017 when 236 million such attempts were blocked.
The rapid growth of phishing attacks in 2018 is part of a long-running trend with both 2017 and 2016 experiencing increases of 15 per cent on the previous year. However, the 2018 figure marks a new peak.
Phishing is one of the most flexible types of ‘social engineering’ attack, as it can be disguised in many ways and used for different purposes. To create a phishing page, all one needs to do is create a replica of a popular or trusted website, lure unwary users to the site and trick them into entering personal information.
Such information often includes financial credentials such as bank account passwords or payment card details, or access credentials for social media accounts. It could also be a case of getting someone to open an attachment or click on a link that then downloads malware onto their computer.
The consequences of such attacks may range from a loss of money to the compromise of an entire corporate network, said Kaspersky. Phishing attacks, especially of the malicious link or attachment variety are a popular initial infection vector for targeted attacks on organisations.
The financial sector was hit especially hard. Over 44 per cent of all phishing attacks detected by Kaspersky Lab technologies were aimed at banks, payment systems and online shops. This means that there were almost as many financial phishing attacks in 2018 as there were phishing attacks overall in 2017.
The country with the highest percentage of users attacked by phishing remained Brazil with 28 per cent of all attacked users. “The rise in the number of phishing attacks could be influenced by the increased efficiency of social engineering methods used for enticing users to visit fraudulent pages,” said Tatyana Scherbakova, security researcher at Kaspersky Lab.