A new Kaspersky Lab study found that about one third (31.45 percent) of phishing attacks targeted online financial institutions including, banks, online stores and e-payment systems. Of those financial phishing attacks, 70.6 percent used fake bank webpages to acquire confidential user information and steal money from bank accounts, showing the strong trend of cyber criminals exploiting online financial services.
Phishing is a fraudulent scheme used by cybercriminals to obtain confidential consumer data with the help of fake webpages imitating Internet resources.
Phishing sites aimed at stealing consumers personal financial data mainly use the brand names of popular banking services. In 2013, the most popular phishing attacks used fake bank websites, which were involved in twice as many attacks in 2013 as they were in 2012. Within the 70.6 percent of phishing attacks using banks in 2013, about 60 percent exploited the names of just 25 organizations.
In addition, cybercriminals use the brand names of major companies with large client databases as a way to easily lure consumers to a fake website. Among attacks on e-payment systems, almost 90 percent of phishing attacks in this category fell on one of five international brands: PayPal, American Express, MasterCard International, Visa or Western Union. PayPal was the leading brand exploited, as the amount of attacks on this system reached 44.12 percent.
The report also shows how cybercriminals exploit the names of online stores in phishing scams. For several years in a row, Amazon.com has been the most popular – over the reported period, Amazon was used in 61 percent of phishing attacks in this category. Other brands that were used, included Apple (12.89 percent) and eBay (12 percent).
Sergey Lozhkin, Senior Security Researcher at Kaspersky Lab, said: “Phishing attacks are so popular because they are simple to deploy and extremely effective. It is often not easy for even advanced Internet users to distinguish a well-designed fraudulent site from a legitimate page, which makes it even more important to install a specialized protection solution. In addition, phishing causes reputational and financial damage to organizations that see their brands exploited in phishing attacks.”