Kaspersky Lab blocked 137 million phishing attempts in the third quarter of 2018, a 28 percent increase compared to Q2 2018. A report by the anti-virus company reveals that phishing attacks targeted 12% of Kaspersky’s customers around the world. More than a third of the attacks were directed at financial targets, including banks, electronic payment systems, and online stores.
The report’s findings are consistent with a global increase in phishing over the past several years. Kaspersky Lab’s anti-phishing system blocked 154 million phishing attempts in 2016 and 246 million attempts in 2017. Both numbers have already been far surpassed in the first three quarters of 2018, with this year’s prevented attacks reaching well over 300 million.
Kaspersky also highlighted several trends it observed during the quarter, including the way scammers are increasingly utilizing browser pop-ups. Pop-up phishing uses ambiguity about the source of a pop-up to trick victims who are visiting otherwise legitimate sites.
“It is mainly deployed by websites that collaborate with various partner networks. With the aid of pop-up notifications, users are lured onto ‘partner’ sites, where they are prompted to enter, for example, personal data. The owners of the resource receive a reward for every user they process,” the report states. “By default, Chrome requests permission to enable notifications for each individual site, and so as to nudge the user into making an affirmative decision, the attackers state that the page cannot continue loading without a little click on the Allow button. The danger is that notifications can appear when the user is visiting a trusted resource.”
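One defensive check for the notification abuse the report describes is to audit which sites a browser profile has already allowed to send notifications. The following is an added example, not code from Kaspersky's report or from this article; it assumes Chrome stores per-site notification decisions in the profile's `Preferences` JSON under `profile.content_settings.exceptions.notifications` with `setting` 1 meaning allow and 2 meaning block, and the sample data, host names and function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like the notification exceptions in a Chrome
# profile's Preferences file (assumed layout: "origin,*" -> {"setting": 1|2}).
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.example.com:443,*": {"setting": 1},
        "https://push-offers.example.net:443,*": {"setting": 1},
        "https://news.example.org:443,*": {"setting": 2},
    }}}}
})

ALLOW = 1  # assumption: 1 = allow, 2 = block


def granted_notification_hosts(preferences_text):
    """Return the sorted hosts that are allowed to show notifications."""
    node = json.loads(preferences_text)
    # Walk down to the notifications map, tolerating missing keys.
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    hosts = set()
    for pattern, entry in node.items():
        if not isinstance(entry, dict) or entry.get("setting") != ALLOW:
            continue
        # Keys look like "<primary origin>,<secondary pattern>".
        primary = pattern.split(",", 1)[0]
        host = urlsplit(primary).hostname
        if host:
            hosts.add(host)
    return sorted(hosts)


def unexpected_grants(preferences_text, approved_hosts):
    """Hosts with an allow decision that are not on the approved list."""
    approved = {h.lower() for h in approved_hosts}
    return [h for h in granted_notification_hosts(preferences_text)
            if h not in approved]


if __name__ == "__main__":
    # In practice, read the Preferences file of the profile under review.
    for host in unexpected_grants(SAMPLE_PREFERENCES, {"mail.example.com"}):
        print("review notification grant:", host)
```

Any host this reports can display notifications while the user is on an unrelated, trusted site, so each one is worth revoking or confirming with the user.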
Other schemes observed by Kaspersky included phony job applications, spoofed news websites, and Instagram verification scams. The report also notes an increase in sextortion emails that include real details about victims, including their names, passwords, and phone numbers.
While technical defenses can stop some of these threats, social engineering attacks rely on human error and gullibility to bypass safeguards. Scammers are constantly honing their craft and coming up with new ways to manipulate people. One of the best ways an organization can defend against these methods is by providing new-school security awareness training for its employees.
Educating employees on social engineering tactics will significantly improve the overall security of your organization by ensuring that employees have the knowledge to recognize new and sophisticated scams. Infosecurity Magazine has the story: https://www.infosecurity-magazine.com/news/phishing-attempts-soar-to-137/