Financial targets account for more than half of phishing attacks
More than half of phishing attacks in 2017 were aimed at getting hold of financial information according to a new report.
Kaspersky Lab's anti-phishing technologies detected more than 246 million user attempts to visit different kinds of phishing pages, with 54 percent being attempts to visit a financial-related website, compared to 47 percent in 2016.
Attacks against banks, payment systems and e-shops grew by 1.2, 4.3, and 0.8 percentage points respectively and made up the top three categories in overall phishing attacks detected. Meanwhile attacks against internet portals, including search engines and social networks fell from second place in 2016 to fourth position in 2017 with a decrease in share of more than 13 percentage points. This shows that criminals have less interest in stealing these types of accounts and are now focusing on stealing money directly.
The data also reveals that Mac users are in increasing danger. Contrary to popular belief about the security of Mac devices, 31 percent of phishing attacks in 2016 against users of the platform were aimed at stealing financial data. This increased in 2017, reaching 56 percent.
"The increased focus cyber criminals have on conducting financial phishing attacks means that users need to remain extra vigilant," says Nadezhda Demidova, lead web content analyst at Kaspersky Lab. "To get a hold of our money, fraudsters are constantly looking for new methods and techniques to trick us. We need to be just as determined to not let them succeed by constantly investing in cyber literacy."
While financial phishing increased, the number of users attacked with banking Trojans fell from 1,088,900 in 2016 to 767,072 in 2017, showing a decrease of 30 percent. Corporate users made up 19 percent of those attacked with banking malware. Zbot is still the most widespread banking malware family, accounting for almost 33 percent of attacked users, followed by the Gozi family on 28 percent.
You can find out more about the findings on the Kaspersky Securelist blog.