跳到主体内容

Financial threats in 2016: Every Second Phishing Attack Aims to Steal Your Money

2017年2月22日

Almost half of all phishing attacks (fraudulent email messages or copycat websites that appear legitimate) registered in 2016 by Kaspersky Lab’s heuristic detection technologies were aimed at stealing their victim’s money, according to an analysis of the financial threat landscape by the company’s experts

Almost half of all phishing attacks (fraudulent email messages or copycat websites that appear legitimate) registered in 2016 by Kaspersky Lab’s heuristic detection technologies were aimed at stealing their victim’s money, according to an analysis of the financial threat landscape by the company’s experts. Compared to 2015, the amount of financial phishing attacks increased 13.14 percentage points in 2016 to comprise 47.48% of all phishing attacks blocked by heuristic detection technologies.

In 2016 Kaspersky Lab’s anti-phishing technologies detected almost 155 million user attempts to visit different kinds of phishing pages. Of those, almost half of heuristic detections were attempts to visit a financial phishing page, i.e. where the aim was to obtain valuable personal information from users — such as their account numbers for banking, credit accounts, social security numbers, and the login and passwords they use to access online banking. The cybercriminals intended to use this information to steal money from their victims. This is the highest share of financial phishing registered to date by Kaspersky Lab.

Banking phishing schemes are the absolute leaders among all types of financial phishing. Every fourth (25.76%) attack used fake online banking information, or other content related to banks – a result that is 8.31 percentage points up on 2015. The share of phishing related to payment systems and e-shops accounted for 11.55% and 10.14% respectively, an increase of 3.75 p.p. and 1.09 p.p. compared to 2015. The share of financial phishing detected on MacOS computers was 31.38%.

Financial-2016
The distribution of different types of financial phishing in 2016

Financial phishers are particularly keen to use data related to top multi-national banks, popular payment systems and Internet shops and auctions from the US, China and Brazil in their scams. The list of brands used stays the same from year to year, as their popularity remains high and they are therefore a lucrative target for cybercriminals.

“Financial phishing has always been one of the easiest ways for cybercriminals to earn illegal money. You don’t have to be a skilled programmer, and you don’t have to invest lots of money into supporting infrastructure. Of course, most phishing schemes are easy to recognize and avoid, but judging by what we see in our statistics, lots of people are still not cautious enough when it comes to dealing with financial data online. Otherwise, we wouldn’t have seen so many attacks in 2016,” said Nadezhda Demidova, senior web content analyst at Kaspersky Lab.

In order to protect themselves from phishing, Kaspersky Lab experts advise users to take the following measures:

  • When paying online always check the legitimacy of the website. The connection should be protected with Https, and the domain should belong to the same organization that you’re going to pay.
  • Always check the legitimacy of emails that you’re receiving from famous brands. Even if it urges you to do something urgently, like change your password etc. First, make sure that it was sent by a legitimate party - contact your bank or payment system representative to find out if the email really has been sent by them to you.
  • Don’t click the links in emails or web-pages if you have doubts about their legitimacy;
  • Use a proven security solution with behavior-based anti-phishing technologies. This will make it possible to identify even the most recent phishing scams which haven’t yet been added to anti-phishing databases.

To learn more about financial phishing and the other findings in the Financial Cyberthreats in 2016 report, read our blogpost on Securelist.com.

Financial threats in 2016: Every Second Phishing Attack Aims to Steal Your Money

Almost half of all phishing attacks (fraudulent email messages or copycat websites that appear legitimate) registered in 2016 by Kaspersky Lab’s heuristic detection technologies were aimed at stealing their victim’s money, according to an analysis of the financial threat landscape by the company’s experts
Kaspersky logo

关于卡巴斯基

卡巴斯基是一家成立于1997年的全球网络安全和数字隐私公司。卡巴斯基不断将深度威胁情报和安全技术转化成创新的安全解决方案和服务,为全球的企业、关键基础设施、政府和消费者提供安全保护。公司提供全面的安全产品组合,包括领先的端点保护解决方案以及多种针对性的安全解决方案和服务,以及用于应对复杂和不断变化的数字威胁的网络免疫解决方案。全球有超过4亿用户使用卡巴斯基技术保护自己,我们还帮助全球200,000家企业客户保护最重要的东西。要了解更多详情,请访问www.kaspersky.com.cn.

相关文章 企业新闻