Financial Data Main Target in Phishing Attacks
More than one in four (28.8%) of phishing attacks in 2014 were intended to steal financial data from users, according to Kaspersky Lab’s 2014 study.
The protection software vendor reports that while carrying out their scams, cybercriminals have shifted their focus from bank brands to payment systems and online shopping sites.
Phishing is a type of Internet fraud used by cybercriminals to lure users into providing their account logins, passwords and other personal information by creating fake web pages to imitate popular online resources.
The 2014 study found that cybercriminals used the names of well-known banks in 16.3% of attacks; in 2013, the level of bank phishing was 22.2%.
In the payment systems category, cybercriminals mostly targeted data belonging to users of Visa cards (31.02%), PayPal (30.03%) and American Express (24.6%). The names of well-known online shopping sites were used in 7.3% of attacks, against 6.5% in 2013.
Amazon remains the most commonly-attacked brand in the online shopping category – 31.7% of attacks in this category used phishing pages mentioning Amazon, although this is 29.41 percentage points less than in the previous year.
“The rise in financial phishing that we saw in the past has naturally drawn a response from the brands most frequently abused in phishing scams – they are beginning to tackle phishing distribution channels, especially email spam, more actively,” said Nadezhda Demidova, web content analyst at Kaspersky Lab. “That leads to a reduction in the levels of phishing that targets some of the larger brands.
“However, cybercriminals immediately responded by targeting new ‘markets’. For example, in 2014 we saw a large number of phishing scams based on websites that sell plane tickets. These are targets that used to be seen fairly infrequently in phishing scams.”
The 2014 study notes that modern phishing websites are getting more and more sophisticated, making them very hard for users to recognise. “That is why we recommend using an Internet security solution with an advanced anti-phishing technology in place,” the study authors add.