RiskFinancial CrimeFinancial Data Still Tops Malicious Spam Hit List

Financial Data Still Tops Malicious Spam Hit List

For a fourth consecutive year, programmes designed to steal users’ logins, passwords and other confidential data remain top of the list of the most widespread malware distributed by email, according to Kaspersky Lab.

The internet security specialist summarised spammer activity for 2014 as follows:

  • The proportion of spam in email flows was 66.8% in 2014, which is 2.8 percentage points lower than the previous year.
  • The reduced level of spam emails is explained by the fact that the advertising of legal goods and services is migrating to new and more effective advertising platforms.
  • The largest proportion of malicious emails (9.8%) targeted users in the US. The UK was next (9.6%) followed by Germany (9.2%).
  • The biggest source of spam was the US (16.7%), followed by Russia (5.9%) and China (5.5%).
  • For phishing attacks, 42.6% targeted global portals that integrate many services accessed via a single account.
  • Users in Russia faced the highest proportion of all phishing attacks – 17.28% of the total number of attacks worldwide.
  • Brazil was the country with the highest proportion of users targeted by phishers; 27.5% of all Kaspersky Lab users in the country faced an attack. Australia was second with 23.8%, India and France were close behind on 23% each.
  • The top three organisations whose brand identities were most often used in phishing attacks were Yahoo! with 23.3%, Facebook with 10% and Google with 8.7% of the attacks.

Kaspersky Lab adds that spam mailings imitating emails sent from mobile devices are becoming very popular. Such emails are being distributed in several languages and mention a variety of devices, including iPad, iPhone, Samsung Galaxy and other models.

These messages shared a common characteristic – very short (or non-existent) text and a signature reading “Sent from my iPhone”. Typically, they contain links to malicious attachments.

Generally spam mass mailings imitate notifications from different mobile applications such as WhatsApp and Viber. Users are familiar with the synchronisation of cross-platform apps and the fact that contact data and notifications are often shared between apps.

As a result many mobile device owners don’t think twice about opening an email saying that something has arrived on their mobile messenger. However, these mobile applications are not connected to the user’s email account, which proves that such emails are obviously fake.

“Fake bank notifications are among the most common types of malicious spam or phishing attacks,” said Maria Vergelis, spam analyst at Kaspersky Lab. “Recently, we have seen noticeable changes in the structure of some phishing emails.

“In 2014, spammers began to complicate the design of fake messages by adding more links to official resources and services of the organisations from which they claim to be sending their bogus notifications. Obviously, the attackers hope that an email with a few legitimate links would be recognised as legitimate by users and spam filters alike. Meanwhile, the email contains a single fraudulent link that either redirects users to a phishing site or downloads a malicious archive.”

Earlier this week, Kaspersky Lab reported that nation-state sponsored cyberespionage attacks are growing in sophistication.

Related Articles

Why working in silos is a killer when battling financial crimes

Cyber Security & Fraud Why working in silos is a killer when battling financial crimes

3m Andrew Simpson
PSD2: dull name, but seismic effect

Clearing & Settlement PSD2: dull name, but seismic effect

5m Alex Kwiatkowski
Staying one step ahead: PSD2 and the future of fraud

Financial Crime Staying one step ahead: PSD2 and the future of fraud

6m Seth Ruden
8 predictions for treasury in 2018

Financial Crime 8 predictions for treasury in 2018

6m Bob Stark
FDIC sues 9 European banks over Libor

Banking FDIC sues 9 European banks over Libor

10m Victoria Beckett
Appreciating supply chain cyber risk

Cyber Security & Fraud Appreciating supply chain cyber risk

10m Peregrine Storrs-Fox
The death of the password: biometric banking

Automation The death of the password: biometric banking

10m Paul Sheldon Foote
The insecurity of fraud victims in the fight against cyber-assailants

Bank Relationships The insecurity of fraud victims in the fight against cyber-assailants

10m Keiron Dalton