About One Third of Phishing Attacks Aimed at Stealing Money

April 7, 2014

ABINGDON, England, April 7, 2014 /PRNewswire/ –

According to data collected as part of Kaspersky Lab’s ‘Financial cyber threats in
[http://www.securelist.com/en/analysis/204792330/Financial_cyber_threats_in_2013_Part_1_phishing ]
study, cybercriminals are trying harder than ever to acquire confidential user
information and steal money from bank accounts by creating fake sites mimicking financial
organisations. In 2013, 31.45 per cent of phishing attacks were trading on the names of
leading banks, online stores and online payment systems – an increase of 8.5 percentage
points from the previous year.

Phishing is a fraudulent scheme used by cybercriminals to obtain confidential user
data with the help of fake web pages imitating Internet resources. Unlike malicious
software created for particular operating systems, phishing attacks threaten all devices
which can access web pages. That is why they are so popular with scammers – in 2013 alone
Kaspersky Lab products protected about 39.6 million users from this cyber threat.

Phishing sites aimed at harvesting users’ financial details mainly use the brand names
of popular online stores, online payment systems and online banking systems. In 2013, the
most attractive targets were banks, which were used in 70.6 per cent of all financial
phishing. That’s a sharp increase from 2012 when bank phishing represented just 52 per
cent. Overall, fake bank websites were involved in twice as many (22.2 per cent) phishing
attacks in 2013.

Financial phishing targets in 2013

In 2013, Kaspersky Lab heuristic anti-phishing technologies blocked a total of 330
million attacks, an increase of 22.2 per cent from the previous year.

Fraudsters use the brand names of major companies with large client databases in
search of a big criminal profit. For example, about 60 per cent of all phishing attacks
using fake bank pages exploited the names of just 25 organisations. Among online payment
systems the phishers’ favourites are even more clearly-defined – 88.3 per cent of phishing
attacks in this category involved one of four international brands: PayPal, American
Express, MasterCard and Visa.

For several years in a row Amazon.com has been the most popular cover for phishing
attacks exploiting the names of online stores. Over the reported period its name was used
in 61 per cent of online trade-related phishing attacks. The Top 3 also included Apple and
eBay, but both of them lagged well behind Amazon.

“Phishing attacks are so popular because they are simple to deploy and extremely
effective. It is often not easy for even advanced Internet users to distinguish a
well-designed fraudulent site from a legitimate page, which makes it even more important
to install a specialised protection solution. In addition, phishing causes reputational
and financial damage to organisations that see their brands exploited in phishing
attacks,” commented Sergey Lozhkin, Senior Security Researcher at Kaspersky Lab.

The standard anti-phishing mechanisms in Kaspersky Lab security solutions for home
users and small businesses are supplemented with Safe Money
[http://www.kaspersky.com/downloads/pdf/kaspersky_lab_whitepaper_safe_money_eng_final.pdf ]
technology that reliably protects user data during online banking or payment sessions. The
effectiveness of this technology is confirmed by special trials carried out by independent
test labs such as AV-TEST, MRG Effitas and Matousec.

Companies which need to safeguard their clients from cybercriminals and to protect
their own reputations may benefit from Kaspersky Lab’s comprehensive Kaspersky Fraud
Prevention [http://www.kaspersky.com/business-security/fraud-prevention ] platform. It was
developed to deliver rigorous, multi-layered security for online banking and includes
programs for customer endpoints, a server solution to check customer transactions as well
as a set of components to develop protected mobile applications.

Phishers don’t just imitate the websites of financial institutions – they also
frequently attack via social networking sites. In 2013, the number of attacks using fake
pages of Facebook and other social networking sites grew by 6.8 percentage points and
accounted for 35.4 per cent of the total.

The ‘Financial cyber threats in 2013′ report used data obtained voluntarily from
Kaspersky Security Network
[http://www.kaspersky.com/images/KESB_Whitepaper_KSN_ENG_final.pdf ] participants.
Kaspersky Security Network is a globally distributed cloud-based infrastructure designed
to quickly process depersonalised data about threats which users of Kaspersky Lab’s
products encounter. Statistics about phishing attacks were obtained based on Kaspersky Lab
web anti-phishing detections.

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection
solutions. The company is ranked among the world’s top four vendors of security solutions
for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained
an innovator in IT security and provides effective digital security solutions for large
enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the
United Kingdom, currently operates in almost 200 countries and territories across the
globe, providing protection for over 300 million users worldwide. Learn more at


* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue
by Vendor, 2012. The rating was published in the IDC report “Worldwide Endpoint Security
2013-2017 Forecast and 2012 Vendor Shares (IDC #242618, August 2013). The report ranked
software vendors according to earnings from sales of endpoint security solutions in 2012.

Contact: Lauren White, +44(0)118-909-0909, Lauren.White@berkeleypr.co.uk

SOURCE Kaspersky Lab

Source: PR Newswire

comments powered by Disqus