Phishing is one of the oldest and most flexible types of social engineering attacks. It is used in many ways, and for different purposes, to lure unwary users to fake sites and trick them into entering personal information.
The latter often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts.
In the wrong hands, this opens doors to various malicious operations, such as money being stolen or corporate networks being compromised. This makes phishing a popular initial infection method.
According to Kaspersky, phishing attacks are becoming increasingly targeted. A number of new tricks have also been found – from HR dismissal emails to attacks disguised as delivery notifications.
Against this background, security solutions have detected 2,023,501 phishing attacks in South Africa, Kenya, Egypt, Nigeria, Rwanda, and Ethiopia.
South African users have been affected the most by this type of threat: 616,666 phishing attacks were detected there in 3 months. South Africa was followed by Kenya (514,361), Egypt (492,532), Nigeria (299,426), Rwanda (68,931), and Ethiopia (31,585).
Phishing is a strong attack method because it is done on such a large scale. By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials.
The first six months of 2020, however, have shown a new aspect to this well-known form of attack – phishers increasingly performed targeted attacks, with most of their focus on small companies.
To attract attention, fraudsters forged emails and websites from organizations whose products or services could be purchased by potential victims. In the process of making these fake assets, fraudsters often did not even try to make the site appear authentic.
Take the following measures to protect yourself from phishing:
- Always check online addresses in unknown or unexpected messages, whether it is the web address of the site you are being directed to, the link address in a message, or even the sender’s email address, to make sure they are genuine and that the link in the message doesn’t hide another hyperlink.
- If you are not sure that the website is genuine and secure, never enter your credentials. If you think that you may have entered your login and password on a fake page, immediately change your password and call your bank or other payment provider if you think your card details were compromised.