Spam and Phishing at a Glance

In Q2 2017, Kaspersky Lab saw the percentage of spam in overall email traffic increase by 17 percent from the previous quarter. The average percentage for the quarter was 56.97 percent, or about 1.07 percentage points (p.p.) greater than the previous quarter. The largest monthly proportion, 57.99 percent, came in April. Here are some other notable spam statistics from the security firm for the quarter:
- Vietnam accounted for the biggest share of world spam at 12.37 percent. The United States was the only other country to register a spam portion in the double digits at 10.1 percent. China was responsible for 8.96 percent of the world's unsolicited messages, followed closely by India at 8.77 percent.
- Consistent with the first quarter, more than half (64.57 percent) of spam emails came in one of two sizes. The "less popular" size category was 20-50 KB at 27.16 percent of all spam. Meanwhile, over a third (37.14 percent) of spammers chose an email size of between zero and two kilobytes, no doubt in an effort to evade detection.
- Trojan-Downloader.JS.SLoad was the most common malware spread via malspam campaigns at 8.73 percent of all malicious attachments.

Some Notable Developments

Kaspersky Lab detected several notable spam and phishing campaigns in Q2 2017. Among them was a malicious mailing that sought to capitalize on organizations' fear of falling victim to WannaCry. Kaspersky's Darya Gudkova, Maria Vergelis, Tatyana Shcherbakova, and Nadezhda Demidova reveal the details of this particular attack:

"… [The bad actors] sent out fake notifications on behalf of well-known software vendors informing recipients that their computers had been infected with ransomware and had to be updated. The link to the supposed update, of course, led to a phishing page. We came across emails that showed the attackers hadn’t taken much care when compiling their mailings, obviously hoping their victims would be in too much of a panic to notice some obvious mistakes (sender’s address, URLs, etc.)."

"…[T]he administrator was told they had a limited time to create a PHP file with specific content in the root directory of the site. The email also stated that failure to observe these conditions would mean the confirmation procedure had not been completed and support for the domain would be suspended.

"If the script is launched on the victim’s site, the attackers would be able to gain control of the site and to run any code. In addition, the script makes it possible to collect all user data entered on the site where it is registered and run. The fact that many of these fake emails were sent to addresses belonging to banks, means we can assume that the scammers wanted to collect data entered on the website of those banks, including the logins and passwords used for Internet banking."

Aside from mass mailings, Kaspersky Lab also saw instances where scammers tried to trick users with fabricated free airline ticket giveaways, fake browser warnings, and phishing pages whose URLs were Punycode-encoded.
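
For defenders triaging links like the Punycode-encoded phishing URLs mentioned above, the following added example (not from Kaspersky Lab's report) decodes `xn--` hostname labels and flags labels that mix Unicode scripts. The sample hosts are constructed under the reserved `.test` TLD, and the script check is a simple heuristic based on Unicode character names.

```python
import unicodedata
from urllib.parse import urlsplit

def _idn(label):
    """Build an xn-- label from Unicode text (used only for the constructed samples)."""
    return "xn--" + label.encode("punycode").decode("ascii")

# Constructed sample URLs (hypothetical hosts, not taken from the report).
SAMPLE_URLS = [
    "https://" + _idn("\u0435xample") + ".test/login",  # Cyrillic 'е' + Latin "xample"
    "https://" + _idn("m\u00fcnchen") + ".test/",       # legitimate single-script IDN
    "https://example.test/login",                        # plain ASCII host
]

def decode_host(host):
    """Decode every xn-- label of a hostname to Unicode; other labels pass through."""
    out = []
    for label in host.rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed Punycode: keep the raw label
        out.append(label)
    return ".".join(out)

def label_scripts(label):
    """Approximate the scripts in a label by the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def check_url(url):
    """Return (decoded hostname, findings) for one URL."""
    host = urlsplit(url).hostname or ""
    decoded = decode_host(host)
    findings = []
    if decoded != host:
        findings.append("punycode")  # informational: host is an IDN
    for label in decoded.split("."):
        found = label_scripts(label)
        if len(found) > 1:  # e.g. Latin and Cyrillic letters in one label
            findings.append("mixed-script:" + "+".join(sorted(found)))
    return decoded, findings

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", check_url(url))
```

A label written entirely in one non-Latin script is reported only as `punycode`, so whole-script lookalikes still need a confusables table or an allow-list of expected domains.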