ThreatList: Financial-Themed Phishing Hooks Targets in Q2

In addition to traditional phishing, fraudulent cryptocurrency offers pose a rising trend.

The financial sector continued to be a main target of phishing attacks in the second quarter. Kaspersky Lab’s Spam and Phishing in Q2 2018 report found that one-third (35.7 percent) of observed attempts were related to financial services (including banks, payment services and online stores), targeting customers via fraudulent banking or payment pages to lift sensitive information like name, password, email addresses, phone numbers, credit-card information and PIN code.

The distribution of different types of financial phishing attacks detected by Kaspersky Lab in Q2 2018.

According to an analysis of 107 million attempts, the second quarter of 2018 was a busy one on the phishing front for users of financial services, with nearly a quarter (21.1 percent) of attacks featuring banks, followed by e-shops (8.17 percent) and payment systems (6.43 percent).

“The permanence of attacks targeting financial organizations reflects the fact that more and more people are using electronic money,” said Nadezhda Demidova, lead web content analyst at Kaspersky Lab. “Still, not all of them are sufficiently aware of the possible risks, so intruders are actively trying to steal sensitive information through phishing.”

However, it should be noted that in comparison with Q1, the share of attacks on financial organizations decreased by 8.22 percent.

The IT sector was the second-hardest hit in the quarter, with 13.83 percent of attacks targeting technology companies – a 12.28 percent increase compared to Q1.

In addition to traditional phishing, which helps access victim accounts and private key information, a new trend is for cybercriminals to try to force their victims to independently transfer cryptocurrency to a fraudulent wallet. One of the tactics is to send emails offering “free distribution” of the cryptocurrency, while another is for scammers to exploit the names of new initial coin offering (ICO) projects to raise funds from potential investors.

Examples of phishing pages imitating the authorization pages of popular cryptoexchanges.

Using these two tricks, Kaspersky Lab estimates that intruders earned more than $2.3 million, even without taking into account any revenues from classic phishing schemes. There were almost 60,000 attempts to visit fraudulent web pages featuring popular cryptocurrency wallets and exchanges from April to June 2018.

In terms of geography, Brazil remained the country with the largest share of users attacked by phishers in the second quarter of 2018 (15.51 percent). This was followed by China (14.44 percent), Georgia (14.44 percent), Kirghizstan (13.6 percent) and Russia (13.27 percent).

Spam email remains a top phishing vector; in the second quarter of 2018, the amount of spam peaked in May (51 percent). The average share of spam in email traffic worldwide was 50 percent.

China became the most popular source of spam, overtaking the U.S. and Germany; in terms of where that spam is aimed, the country most targeted by malicious mail was once again Germany. Russia came second, followed by the United Kingdom, Brazil and Italy.

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.