3,000* UK internet users were subjected to phishing attacks each day in 2012-2013, an increase from 1,000 in 2011-2012, according to results from Kaspersky Lab’s “The evolution of phishing attacks” report. The analysis, which was carried out in June 2013 and based on data from the Kaspersky Security Network cloud service, shows that what was once a subset of spam has evolved into a rapidly growing cyberthreat in its own right, with Facebook, Yahoo!, Google and Amazon the websites most targeted by phishers in the UK.
Phishing is a form of Internet fraud in which criminals create a fake copy of a popular site (an email service, an Internet banking website, a social networking site, etc.) and try to lure the users to these rogue web pages. The unsuspecting user enters their login information and passwords into these carefully forged websites as they normally would, but these access credentials are instead sent to the cybercriminals.
The scammers can then use this stolen personal information, bank credentials or passwords to steal the users’ money, to distribute spam and malware via the compromised email or social networking accounts, or they can simply sell their databases of stolen passwords to other criminals.
For a long time, phishing was regarded as a variation of typical spam emails. However, the data from this report confirms that the scale of phishing attacks has reached such a significant level that they should be regarded as a dangerous threat category of their own, not merely an off-shoot of general spam. In fact, email is no longer the most common delivery mechanism for phishing: only 12 per cent of all registered phishing attacks globally were launched via spam mailings. The other 88 per cent of cases came from links to phishing pages which people followed while using a web browser, a messaging system (Skype, etc.) or otherwise interacting with the computer.
Main Research Findings
In 2012-2013, 3,000 users were attacked each day in the UK – three times as many as in 2011-2012.
In 2012-2013, phishers launched attacks affecting an average of 102,100 people worldwide each day – twice as many as in 2011-2012.
Phishing attacks most often target users in Russia, the USA, India, Vietnam and the UK.
Vietnam, the USA, India and Germany have the greatest number of attacked users – the total number of attacks in these regions has doubled since last year.
The majority of the servers hosting phishing pages were registered in the USA, the UK, Germany, Russia and India.
The number of unique attack sources – such as fraudulent websites and servers – has more than tripled from 2012-2013.
Over half (56 per cent) of all identified unique attack sources globally were found in just 10 countries, which means the attackers have a small set of preferred “home bases” to launch their attacks.
The services of Yahoo!, Google, Facebook and Amazon were most often attacked by phishers globally – 30 per cent of all registered incidents involved fake versions of their sites.
Over 20 per cent of all phishing attacks globally mimicked banks and other financial organisations.
Top 10 sites targeted in the UK include BT, PayPal and one of the most prominent British financial conglomerates.
“The volume and variety of phishing attacks detected during the analysis indicate that phishing is not merely one tool among many for the illegal enrichment of fraudsters, but represents a significant and visible threat. These attacks are relatively simple to organise and are demonstrably effective, attracting an increasing number of cybercriminals to this type of illegal activity. The volume of phishing attacks, which according to Kaspersky Security Network nearly doubled in a single year, confirms this trend,” said Nikita Shvetsov, Deputy CTO (Research) at Kaspersky Lab.
A PDF version of the full report ‘The evolution of phishing attacks 2011-2013’ is available to download here.
Data was obtained from 50 million individual users with Kaspersky Lab products who have consented to anonymously contribute their data on detected threats to the Kaspersky Security Network cloud. All individuals used computers running Windows and data analysed was from 2011-2013 (two equal periods, each extending from May 1 in one year through to April 30 of the following year).
Data analysed included:
The total volume of registered phishing attacks over a specific period.
The channels via which links to phishing webpages are delivered.
The geography and number of attack victims.
The geography and number of attack sources.
The classification of attack targets (websites most frequently copied by malicious users).
Changes in attack targets depending on the targeted country.
Important note: During this study, Kaspersky Lab identified a large number of attacks against banks all over the world. The names of these banks have been deliberately redacted from the text of the report in order to avoid harming the reputations of these banks.