Over 37 million users experienced phishing attacks last year, India at higher risk

Infotech Lead America: The latest report from Kaspersky Lab on the evolution of phishing attacks 2011-2013 finds that 37.3 million users experienced phishing attacks last year.

The attack mostly targeted bogus search and email services, social networks, banks, financial organizations and e-shops.

Phishing attacks most often target users in Russia, the USA, India, Vietnam and the UK. Vietnam, the USA, India and Germany have the greatest number of attacked users – the total number of attacks in these regions has doubled since last year.

The majority of the servers hosting phishing pages were registered in the USA, the UK, Germany, Russia and India. The number of unique attack sources – such as fraudulent websites and servers – has more than tripled from2012-2013.

According to the report, the number of Internet users who faced phishing attacks over the last 12 months has grown from 19.9 million to 37.3 million, an increase of 87 percent. Facebook, Yahoo, Google and Amazon are among main targets of cybercriminals.

The study concludes that what was once a subset of spam has evolved into a rapidly growing cyber threat in its own right.

Phishing is used by criminals to create a fake copy of a popular site –an email service, an Internet banking website, a social networking site, etc. —to lure the users to these rogue web pages.

The unsuspecting user enters their login information and passwords into these carefully forged websites as they normally would, but these access credentials are instead sent to the cyberiminals.

For a long time, phishing was regarded as a variation of typical spam emails. However, the data from this survey confirms that the scale of phishing attacks has reached such a significant level that they should be regarded as a dangerous threat category of their own, not merely an off-shoot of general spam.

In fact, email is no longer the most common delivery mechanism for phishing emails. For example, only 12 percent of all registered phishing attacks were launched via spam mailings. The other 88 percent of cases came from links to phishing pages which people followed while using a web browser, a messaging system (Skype, etc.) or otherwise interacting with the computer.

During the survey, Kaspersky Lab specialists compared data on phishing attacks from over 50 million Kaspersky Security Network users between 1 May 2012 and 30 April 2013 with figures for the equivalent period of 2011-2012.

In 2012-2013, phishers launched attacks affecting an average of 102,100 people worldwide each day – twice as many as in 2011-2012.

Over half (56 percent) of all identified unique attack sources were found in just 10 countries, which means the attackers have a small set of preferred “home bases” to launch their attacks.

The services of Yahoo!, Google, Facebook and Amazon were most often attacked by phishers – 30 percent of all registered incidents involved fake versions of their sites;

Over 20 percent of all phishing attacks mimicked banks and other financial organizations. American Express, PayPal, Xbox live, Twitter and etc. are in Top 30 most targeted sites.

[email protected]