Kaspersky’s research revealed that phishing attacks target them. Several new tricks have also been discovered, from HUMAN resource redundancy emails to attacks disguised as delivery notifications. As a result of these trends, security responses detected 2,578,501 phishing attacks in Egypt, the United Arab Emirates, Saudi Arabia, Qatar, Kuwait, Bahrain and Oman. These and other effects are documented in Kaspersky’s new spam and phishing report in the second quarter 2020 report.
Phishing is one of the oldest and most flexible types of social engineering attacks. They are used in many tactics and for other purposes to attract unsuspecting users to the site and inspire them to enter non-public data. This includes monetary credentials, such as bank account passwords or payment card details, or login details for social media accounts. In the wrong hands, this opens the door to various malicious operations, such as stealing cash or compromising corporate networks. This makes phishing a popular initial infection method.
Users in Saudi Arabia were the most influenced by this type of threat: 973,061 phishing attacks were detected in 3 months. It followed (United Arab Emirates 617,347), Egypt (492,532), Oman (193,379), Qatar (128,356), Kuwait (106,245), Bahrain (67,581).
Phishing is a hard attack approach because it takes place on such a giant scale. By sending giant waves of emails under the call of valid establishments or by selling fake pages, malicious users increase their chances of good fortune in finding innocent credentials. However, the first six months of 2020 showed a new facet of this well-known form of attack.
Targeted attacks: small in the spotlight
As Kaspersky’s research pointed out, in the last quarter of 2020, phishers carried out more and more targeted attacks, mainly targeting small businesses. To get attention, scammers have faked emails and websites from organizations whose products or facilities can simply be purchased through potential victims. In the process of creating those fake assets, the scammers didn’t even check to make the site look authentic.
These targeted phishing attacks can have serious consequences. Once a fraudster has access to a worker’s mailbox, you can use it to generate new attacks on the company the worker works for, the rest of their subcontractors, or even them.
One touch and ready: new for old uses
The news agenda, following the COVID-19 outbreak, has already influenced the “excuses” that fraudsters use when requesting information. This included disguising your communications with unsuspecting users by:
“During the synthesis of the first quarter results, we assumed that COVID-19 would be the main topic of spammers and phishers in recent months. And it happened. While a few spams were sent without mentioning the pandemic, phishers adapted their old plans to make them applicable to the existing news agenda, as well as to locate new tricks,” says Kaspersky security expert Tatyana Sidorina.
Learn more about new phishing in Securelist.
Kaspersky experts advise users to follow the following steps to prevent phishing:
Kaspersky Lab is a global cybersecurity company that has been on the market for over 20 years. Kaspersky Lab’s deep experience in risk and security intelligence is constantly transformed into next-generation security responses and facilities to protect businesses, critical infrastructure, governments, and consumers around the world. The company’s comprehensive security portfolio includes terminal protection and a number of specialized security responses and facilities to combat complex and scalable virtual risks. More than 400 million users are protected through Kaspersky Lab technologies and we help 270,000 corporate consumers protect the issues that interest them most. Learn more about www.kaspersky.com.
Subscribe to our newsletter for updates and advanced content
Subscribe