According to a new report, phishing operations overwhelmingly choose to impersonate social networks (35.39%) and financial organizations (31.45%) to compromise targets, accounting for more than two-thirds of the “bait” employed by attackers.
“Phishing, or creating fake copies of sites to obtain confidential user data, is a very common cyber threat. This is largely due to the fact that to deploy the simplest phishing campaign, cybercriminals do not need to have specific programming knowledge – it’s enough to have certain skills in creating web pages,” the report states.
“The main purpose of phishing is to convince the victims they are visiting a real site, not a fake one. These attempts are often successful so phishing campaigns are used both as the main tool to obtain sensitive user information and as part of a complex attack to lure users to a site from which malware will be downloaded on to their device.”
The report notes that the majority these phishing operations are specifically to gain direct access to victim’s banking accounts in order to pilfer funds, providing immediate financial gain for the attackers, as opposed to those who seek to compromise systems with malware that can be used to create botnets for spamming or DDoS attacks, for the which the owners then have to market the services in order to make money.
Key findings in the report include:
- 31.45% of all phishing attacks in 2013 targeted financial institutions
- 22.2% of all attacks involved fake bank websites; the share of banking phishing doubled compared with 2012
- 59.5% of banking phishing attacks exploited the names of just 25 international banks. The rest of the attacks used the names of 1000+ other banks
- 38.92% of all instances that required intervention by Kaspersky security technologies on Mac computers were triggered by “financial” phishing sites
“The conclusion here is obvious: the attackers are increasingly focusing on bank web services and this is one of the strongest trends in the area of phishing threats,” the report noted.
Read More Here…