Phishing in financial sector on the rise

In 2017 Kaspersky Lab’s anti-phishing technologies detected over 246 million user attempts to visit different kinds of phishing pages. Of those, over 53 percent were attempting to visit a financial-related website – 6 percentage points higher compared to data from 2016.

This is the first time since recording phishing attempts that figures have reached over 50 percent, according to an analysis of the financial threat landscape by Kaspersky Lab.

Financial phishing attacks are fraudulent messages which link to copycat websites that appear legitimate. They aim to gain users’ credentials for banking and credit accounts, and data to access online banking or money transfer accounts – all for the purpose of stealing the victims’ money afterwards. With 53% of phishing attacks taking this form, more than every second attack across the world is looking to steal a victims’ money.

In 2017 the share of all financial phishing categories – attacks against banks, payment systems and e-shops – grew by 1.2, 4.3, and 0.8 percentage points respectively and made up the top 3 categories in overall phishing attacks detected – for the first time.

Moreover, attacks related to the global internet portal category – which includes global search engines, social networks, etc. – fell from the second place in 2016 to fourth position in 2017 with a decrease in share of more than 13 percentage points. This shows that criminals show less interest in stealing these types of accounts and are now focusing on accessing money directly.

The data also shows that Mac users are in increasing danger. Contrary to popular belief about the security of Mac devices, 31.38 per cent of phishing attacks in 2016 against users of the platform were aimed at stealing financial data. The share peaked in 2017, reaching 55.6 per cent.

“The increased focus of cyber criminals to conduct financial phishing attacks means users need to remain extra vigilant. To get to grips with our money, fraudsters are constantly looking for new methods and techniques to catch us out. We need to be just as much determined to not let them succeed, by constantly investing in cyber literacy,” said Nadezhda Demidova, lead web content analyst at Kaspersky Lab.

In order to protect themselves from phishing, Kaspersky Lab experts advise users to take the following measures:
• Always check the legitimacy of the website when paying online. This includes https connections and the domain name belonging to the organization that you think you are paying.
• Use a proven security solution with behavior-based anti-phishing technologies. This will make it possible to identify even the most recent phishing scams which haven’t yet been added to anti-phishing databases.
Other key findings in the report include:

• In 2017 the share of financial phishing increased from 47.5% to almost 54% of all phishing detections. This is an all-time high according to Kaspersky Lab statistics for financial phishing.
• More than every fourth attempt to load a phishing page blocked by Kaspersky Lab products is related to banking phishing.
• The share of phishing related to payment systems and e-shops accounted for around 16% and almost 11% accordingly, in 2017. This is slightly (by single percentage points) more than in 2016.
• The share of financial phishing encountered by Mac users grew nearly twice, accounting for approximately 56%.

Banking malware:
• The number of users attacked with banking Trojans fell from 1,088,900 in 2016 to 767,072 in 2017, showing a decrease of 30%.
• 19% of users attacked with banking malware were corporate users.
• Users in Germany, Russia, China, India, Vietnam, Brazil and the US are those most often attacked by banking malware.
• Zbot is still the most widespread banking malware family (almost 33% of attacked users) being challenged by the Gozi family (27.8%).

Android banking malware:
• In 2017 the number of users that encountered Android banking malware decreased by almost 15% to reach 259,828 worldwide.
• Just three banking malware families accounted for attacks on the vast majority of users (over 70%).
• Russia, Australia and Turkmenistan are the countries with the highest percentage of users attacked by Android banking malware.