About One Third Of Phishing Attacks Aimed At Stealing Money

According to data collected as part of Kaspersky Lab's 'Financial cyber threats in 2013' study, cybercriminals are trying harder than ever to acquire confidential user information and steal money from bank accounts by creating fake sites mimicking financial organisations. In 2013, 31.45 per cent of phishing attacks were trading on the names of leading banks, online stores and online payment systems – an increase of 8.5 percentage points from the previous year.

Phishing is a fraudulent scheme used by cybercriminals to obtain confidential user data with the help of fake web pages imitating Internet resources. Unlike malicious software created for particular operating systems, phishing attacks threaten all devices which can access web pages. That is why they are so popular with scammers – in 2013 alone Kaspersky Lab products protected about 39.6 million users from this cyber threat.

Phishing sites aimed at harvesting users’ financial details mainly use the brand names of popular online stores, online payment systems and online banking systems. In 2013, the most attractive targets were banks, which were used in 70.6 per cent of all financial phishing. That’s a sharp increase from 2012 when bank phishing represented just 52 per cent. Overall, fake bank websites were involved in twice as many (22.2 per cent) phishing attacks in 2013.

Financial phishing targets in 2013

In 2013, Kaspersky Lab heuristic anti-phishing technologies blocked a total of 330 million attacks, an increase of 22.2 per cent from the previous year. Fraudsters use the brand names of major companies with large client databases in search of a big criminal profit. For example, about 60 per cent of all phishing attacks using fake bank pages exploited the names of just 25 organisations. Among online payment systems the phishers’ favourites are even more clearly-defined - 88.3 per cent of phishing attacks in this category involved one of four international brands: PayPal, American Express, MasterCard and Visa.

For several years in a row Amazon.com has been the most popular cover for phishing attacks exploiting the names of online stores. Over the reported period its name was used in 61 per cent of online trade-related phishing attacks. The Top 3 also included Apple and eBay, but both of them lagged well behind Amazon.

“Phishing attacks are so popular because they are simple to deploy and extremely effective. It is often not easy for even advanced Internet users to distinguish a well-designed fraudulent site from a legitimate page, which makes it even more important to install a specialised protection solution. In addition, phishing causes reputational and financial damage to organisations that see their brands exploited in phishing attacks,” commented Sergey Lozhkin, Senior Security Researcher at Kaspersky Lab.

The standard anti-phishing mechanisms in Kaspersky Lab security solutions for home users and small businesses are supplemented with Safe Moneytechnology that reliably protects user data during online banking or payment sessions. The effectiveness of this technology is confirmed by special trials carried out by independent test labs such as AV-TEST, MRG Effitas and Matousec.

The 'Financial cyber threats in 2013' report used data obtained voluntarily from Kaspersky Security Network participants. Kaspersky Security Network is a globally distributed cloud-based infrastructure designed to quickly process depersonalised data about threats which users of Kaspersky Lab’s products encounter. Statistics about phishing attacks were obtained based on Kaspersky Lab web anti-phishing detections.

More than a quarter (27 per cent) of parents believe their children have been exposed to online risks, such as accessing inappropriate content or cyber bullying in the past 12 months, according to a Kaspersky Lab study. Despite this, research to mark Safer Internet Day taking place on 11th February, has found that one in five parents (22 per cent) takes no action to govern their children’s online activity – whether on the home computer or mobile devices.

“Regardless of how their children are accessing the internet, parents must remain vigilant, supervise their internet use and consider parental control technologies. However, as a parent myself, I find these statistics particularly worrying when you consider the increasing number of children using connected smartphones today. After all, when children use mobile devices to access the web, they are using the same internet, with the same risks – yet parents are often not as aware of the dangers,” says David Emm, senior security researcher at Kaspersky Lab.

The study also found that 18 per cent of parents had lost money or data from their personal device as a result of their child’s unmonitored access. With smartphone apps often being blamed in the press for children inadvertently spending hundreds of pounds, effective controls and open channels of communication around smartphone use is imperative.

David Emm continues: “There is a common misconception that smartphones and tablets don’t need the same level of protection as a PC, but with such a high percentage of parents not having a clear view of their children’s online activity, this way of thinking needs to change. The internet is an incredible resource, both for social use and in an educational capacity. But in the same way as we would teach our children to cross the road safely, we must teach them to be aware of, and respect, the dangers of the internet. Just because a threat is out of sight, it doesn’t mean we shouldn’t keep it front of mind.”

David Emm offers the following tips to stay safe online:

1. Both Android smartphones and iPhones come with in-built parental controls – when purchasing a smartphone, ask the sales assistants to demonstrate these features. They have policies in place and a responsibility to make parents aware of these. By creating a demand, it is more likely they will let other parents know.
2. Apply settings that prevent in-app purchases to save hefty bills should children stumble across a game with expensive add-ons.
3. Install security software – these providers will offer apps to filter out inappropriate content, for example, adult images and senders of nuisance SMS messages.
4. Encourage children to talk about their online experience and in particular, anything that makes them feel uncomfortable or threatened. Open a channel of communication so they feel they can discuss all areas of their online life without fear of judgement or reprimand.
5. Protecting children from cyber bullies is especially challenging with smartphones as they can be targeted in so many ways, especially out of view of their parents. Deal with cyber bullying as you would in real life by encouraging children to be open and talk to a trusted adult if they experience any threatening or inappropriate messages. Numbers and contacts on apps can both be blocked if they are making children uncomfortable.
6. Use the internet for good – there are sites that can advise both parents and children on how to manage online threats. Take a look at http://www.thinkuknow.co.uk/.
7. 
   

In response to these online threats that children are increasingly facing, Kaspersky Lab now offers a multi-device version of Kaspersky Internet Security. The security software provides real-time protection for multiple Windows PCs, Macs and Android smartphones and tablets, all with a single licence allowing families to be protected on every device in their home and keep their children safe online. For more information on products and advice from Kaspersky Lab, visit www.kaspersky.co.uk.

¹ Kaspersky Consumer Security Risks Survey, B2B International and Kaspersky Lab