Although spam and phishing attacks are not necessarily complex from a technological standpoint, they rely on sophisticated social engineering tactics, making them highly dangerous to those who are not aware of them. Fraudsters are skilled at creating phishing web pages identical to the original websites that collect private user data or encourage the transfer of money to fraudsters targeting both individuals and organizations.
Users of delivery services were the most frequently targeted victims of phishing attacks, making up 27% of all blocked attempts. Fraudsters send fake emails pretending to be from well-known delivery companies and claim there is an issue with a delivery. The email includes a link to a fake website, which asks for personal information or financial details. If the victim falls for the scam, they could lose their identity and banking information, which may be sold to websites on the dark web.
Other popular targets of phishing attacks include those associated with online stores, payment systems and banks. In the UK, e-shops were the most targeted with over 38% of phishing attacks recorded, followed by payment systems (36%) and banks (25%).
"Phishing is one of the most prevalent and pernicious threats in the cybersecurity landscape, which can result in identity theft, financial loss, and reputational damage for both individual consumers and businesses”, commented David Emm, Principal Security Researcher, Global Research and Analysis Team, Kaspersky. “We would advise consumers in the UK to exercise caution when shopping online or using banking and mortgage services, particularly as inflation and cost of living are pushing people to land a bargain and buy goods at the lowest price. As cybercriminals become increasingly sophisticated in their tactics, it's more important than ever to remain vigilant and take proactive measures to protect your personal information”, he added.
Distribution of organizations targeted by phishers, by category, 2022
Kaspersky experts have also highlighted an increase in the distribution of attacks through messengers in 2022, with the majority of blocked attempts coming from WhatsApp (82.71%), followed by Telegram (14.12%) and Viber (3.17%).
There is also growing demand among cybercriminals for social media credentials, with criminals exploiting people's curiosity and desire for privacy by offering fake updates and verified account status on social media platforms.
An example of phishing page mimicking a social media alert
Moreover, the experts found that cryptocurrency scams and the ongoing pandemic are still being used by phishing attackers to steal sensitive information from people who are afraid and worried. These scammers are taking advantage of people's fears and concerns to steal their sensitive information.
In order to avoid becoming a victim of spam or phishing-based scams, Kaspersky experts advise the following:
Read more about Spam and Phishing in 2022 in the report published on Securelist.com