Phishing attacks jumped 21% during the second quarter compared to the same quarter of last year, while multiple mailshots have been detected pretending to offer tax refunds.

That’s according to Kasersky’s spam and phishing report for the second quarter. The overall number of phishing attacks in the quarter reached nearly 130 million.

Maria Vergelis, security researcher at Kaspersky, tells us fraudsters are constantly looking for new ways to deliver their spam and phishing content to users.

“For example, they’re trying to exploit some popular legitimate services (such as online calendars), or use contact forms and registration services on sites,” she said. “Such tricks allow them to send messages with legitimate headers and increase delivery rate. Of course, the main task of MSPs and vendors now is to monitor such trends to react on time and improve their detection products.”

In the second quarter, the amount of spam peaked in May at 58%. The average share of spam in the world’s email traffic was 55%, which is 5% higher than the average figure in the second quarter of last year.

China became the most popular source of spam, overtaking the United States and Russia, according to Kaspersky.

Quarterly spam and phishing mailshots often exploit seasonal activities to strike victims harder than a typical phishing scheme. What’s more, in the case of temporary disguises, scammers can use one of the most effective social engineering techniques – giving a limited amount of time to act – justifying it with real-life circumstances, and therefore encouraging the victim to make spontaneous decisions, according to Kaspersky.

“We are used to scammers exploiting high-profile political and sport events or natural disasters in their fraud schemes; however, last quarter we faced a new approach,” Vergelis said. “Scammers used one of the most popular TV shows in the world in their phishing attacks. They knew that this subject would attract a lot of potential victims and increase their harvest. This proved once again that scammers adapt to the thinking of their potential victims to perform successful attacks.”

Spam trends depend on the season; for example, summer usually brings an increase in tourist spam, she said. That includes fake tickets and hotel-booking companies. Such growth influences not only users, but also legitimate companies providing real tourist services. Their reputation can be damaged by large-scale spam campaigns using their names.

“It’s no secret that the main vulnerability for companies is a human factor,” Vergelis said. “Human emotions and fears can lead people to fall victims to cybercriminals and their social engineering schemes. To prevent this, companies should conduct trainings and other educational activities as often as possible, and demonstrate [to] their employees real examples of fraud, and ways to recognize and avoid it.”

Some of the emails analyzed by Kaspersky included malicious attachments disguised as a copy of the return form which actually was either a malicious downloader – which would download more malicious programs onto users’ machines when launched – or a backdoor (multifunctional malware) that provided criminals with remote access to …

… the infected machine. Its capabilities include monitoring keystrokes, stealing passwords from browsers and Windows accounts, and recording video from the computer’s webcam. To convince users to launch such malicious files, fraudsters usually would make it look like a zip file containing important information for tax form updates.

“Seasonal spam and phishing can be extremely effective, since the emergence of such a letter in a mailbox is sometimes wished and expected, unlike most unique-offer-type scams,” Vergelis said. “Moreover, with phishing attacks, the tricked victim might not even realize that they were subjected to a cyberattack and had exposed their credentials or email until it is too late and they suffer from the consequences.”

Microsoft was by far the most impersonated brand in second-quarter phishing attacks, according to Vade Secure. There also was a significant uptick in Facebook phishing, it said.

“Cybercriminals are more sophisticated than ever, and the ways they target corporate and consumer email users continued to evolve in [the second quarter],” said Adrien Gendre, Vade Secure’s chief solution architect. “Microsoft Office 365 phishing is the gateway to massive amounts of corporate data, while gaining access to a consumer’s Facebook login information could compromise much of their personal, sensitive information. The fact that we saw such a significant volume in impersonations of these two brands, along with the coinciding new methods of attack, means that virtually all email users and organizations need to be on heightened alert.”