Internet fraud has been around for just about as long as the Internet itself. According to a Kaspersky Lab 2016 Report, each year, cybercriminals come up with new techniques and tactics to fool their potential victims.
Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc. The aim of these emails is to obtain a user’s confidential data (username, password, etc.). Bank phishing is one of the most commonplace tactics aimed at gaining access to online bank accounts or e-payment account details. Once a malicious user gets ahold of a login and password, he has access to an account. Phishers are skilled at creating authentic-looking emails which are disguised as official emails from various organizations. In particular, they use organizations’ official logos and copy the overall style of legitimate correspondence. As a rule, the email will suggest that the recipient click on a link in order to enter personal information. When a user clicks on the link, he is taken to a fraudulent website that looks just like the official site where he can enter his username and password. The data is then sent to the cybercriminals.
There are many different types of phishing. Scammers create bogus emails for all kinds of Internet resources that require a username and password. Services like hosting and online magazines can all be targeted. Cybercriminals generally look to copy a well-known online resource that is trusted by users.
Financial threats in 2016: According to Kaspersky Lab’s 2016 Report, almost half of all phishing attacks registered in 2016 were aimed at stealing victim’s money. Compared to 2015, the amount of phishing attacks increased by 13.14% in 2016 to comprise 47.48% of all phishing attacks blocked by heuristic detection technologies. In 2016, Kaspersky Lab’s anti-phishing technologies detected almost 155 million user attempts to visit different kinds of phishing pages. Of those, almost half were attempts to visit a financial page. Banking phishing schemes are the absolute leaders among all types of financial phishing. 25.76% of all attacks used fake online banking information or other content related to banks, which was 8.31% higher than in 2015.
In order to protect users from phishing, Kaspersky Lab experts advise users to take the following measures:
• When paying online always check the legitimacy of the website.
• Always check the legitimacy of emails being received from famous brands.
• Don’t click the links in emails or web pages if you have doubt about their
• Use a proven security solution with behavior-based anti-phishing technologies.
Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.