Phishing attacks double in 2018 to almost 500m

Written by Peter Walker
13/03/2019

Kaspersky Lab’s anti-phishing system prevented more than 482 million attempts to visit fraudulent web pages during 2018, a two-fold increase on 2017, when 236 million such attempts were blocked.

Annual rises in the number of phishing attacks have been observed for the last few years, yet the figure for 2018 indicates a significant surge in the use and popularity of such attacks, according to the anti-virus software firm.

Phishing is one of the most flexible types of ‘social engineering’ attack, as it can be disguised in many ways and used for different purposes. To create a phishing page, all a hacker needs to do is create a replica of a popular or trusted website, lure unwary users to the site and trick them into entering personal information.

Phishing attacks - especially of the malicious link or attachment variety - are a popular initial infection vector for targeted attacks on organisations and part of a long running trend, with both 2017 and 2016 experiencing increases of 15 per cent on the previous year.

The financial sector was hit especially hard last year, with over 44 per cent of all phishing attacks detected by Kaspersky Labs aimed at banks, payment systems and online shops. There were almost as many financial phishing attacks in 2018 as there were phishing attacks overall in 2017.

“The rise in the number of phishing attacks could be influenced by the increased efficiency of social engineering methods used for enticing users to visit fraudulent pages,” said Tatyana Scherbakova, security researcher at Kaspersky Lab. “2018 was marked by the active exploitation of new schemes and tricks, such as scam-notifications, along with the perfection of old ones, for instance the traditional scams around Black Friday or national holidays.”

The 2018 report also found that the share of spam in mail traffic was 52.48 per cent, down 4.15 per cent on 2017, while the biggest source of spam was China (11.69 per cent).