Cybercriminals Accelerate Phishing Attacks in Q2
That’s according to Kaspersky’s spam and phishing report for the second quarter. The overall number of phishing attacks in the quarter reached nearly 130 million.
Maria Vergelis, security researcher at Kaspersky, tells us fraudsters are constantly looking for new ways to deliver their spam and phishing content to users.
“For example, they’re trying to exploit some popular legitimate services (such as online calendars), or use contact forms and registration services on sites,” she said. “Such tricks allow them to send messages with legitimate headers and increase delivery rate. Of course, the main task of MSPs and vendors now is to monitor such trends to react on time and improve their detection products.”
In the second quarter, the amount of spam peaked in May at 58%. The average share of spam in the world’s email traffic was 55%, which is 5% higher than the average figure in the second quarter of last year.
China became the most popular source of spam, overtaking the United States and Russia, according to Kaspersky.
Quarterly spam and phishing mailshots often exploit seasonal activities to strike victims harder than a typical phishing scheme. What’s more, in the case of temporary disguises, scammers can use one of the most effective social engineering techniques – giving a limited amount of time to act – justifying it with real-life circumstances, and therefore encouraging the victim to make spontaneous decisions, according to Kaspersky.
“We are used to scammers exploiting high-profile political and sport events or natural disasters in their fraud schemes; however, last quarter we faced a new approach,” Vergelis said. “Scammers used one of the most popular TV shows in the world in their phishing attacks. They knew that this subject would attract a lot of potential victims and increase their harvest. This proved once again that scammers adapt to the thinking of their potential victims to perform successful attacks.”
Spam trends depend on the season; for example, summer usually brings an increase in tourist spam, she said. That includes fake tickets and hotel-booking companies. Such growth influences not only users, but also legitimate companies providing real tourist services. Their reputation can be damaged by large-scale spam campaigns using their names.
“It’s no secret that the main vulnerability for companies is a human factor,” Vergelis said. “Human emotions and fears can lead people to fall victim to cybercriminals and their social engineering schemes. To prevent this, companies should conduct trainings and other educational activities as often as possible, and demonstrate [to] their employees real examples of fraud, and ways to recognize and avoid it.”
Some of the emails analyzed by Kaspersky included malicious attachments disguised as a copy of the return form, which was actually either a malicious downloader – which would download more malicious programs onto users’ machines when launched – or a backdoor (multifunctional malware) that provided criminals with remote access to …