• Targeted, diversified attacks focused on small businesses
• Fraudsters disguised as delivery, postal, financial, HR services
A new spam and phishing report by global internet security firm, Kaspersky, has said security solutions detected two million phishing attacks in South Africa, Kenya, Egypt, Nigeria, Rwanda, and Ethiopia, just in the Second Quarter (Q2) of 2020.
The report revealed that phishing attacks have become increasingly targeted, noting a number of new tricks ranging from Human Resources (HR) dismissal emails to attacks disguised as delivery notifications. In total, security solutions detected 2,023,501 phishing attacks over the quarter.
Phishing is one of the oldest and most flexible types of social engineering attacks and could be used in many ways, and for different purposes, to lure unwary users to sites and trick them into entering personal information.
The unsuspecting users often include their financial credentials such as bank account passwords, payment card details, or even login details for social media accounts. In the wrong hands, this opens doors to various malicious operations, such as money being stolen or corporate networks being compromised.
According to the report, South African internet users were affected the most by this type of threat, with 616,666 phishing attacks detected in the country during the period under review.
Phishing is a strong attack method because it is done on such a large scale. By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials.
However, the first six months of 2020 showed a new aspect of this well-known form of attack, as malicious users diversified their methods of operation and are now targeting small businesses.
Kaspersky analysis indicated that in Q2 2020, phishers increasingly performed targeted attacks, with most of their focus on small companies.
To attract attention, fraudsters forged emails and websites from organisations whose products or services could be purchased by potential victims.
Once a fraudster has gained access to an employee’s mailbox, they can use it to carry out further attacks on the company the employee works for, the rest of its staff, or even its contractors.
The report showed that the ongoing COVID-19 pandemic has already influenced the “excuses” that fraudsters use when asking for personal information. This included disguising their communications with unsuspecting users as delivery, postal, financial, or HR services.
Commenting on this, a security expert at Kaspersky, Tatyana Sidorina, said that while summarising the results of the first quarter, the firm projected that COVID-19 would be the main topic for spammers and phishers in Q2, which certainly happened.
She noted that while there was rarely a spam email sent out without mentioning the pandemic, phishers adapted their old schemes to make them relevant to the current news agenda, while some came up with new tricks.
At the peak of the pandemic, organisations responsible for delivering letters and parcels notified recipients of possible delays. Fraudsters began to fake these types of emails, asking victims to open an attachment to find out the address of a warehouse where they could pick up a shipment that did not reach its destination.
Another relatively original move used by fraudsters was a message carrying the Noon spyware, positioned as a small image of a postal receipt. The scammers expected that the intrigued recipient would open the attachment, which, although its name contained ‘JPG’, was in fact an executable archive.
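The disguise described above relies on the file name claiming to be an image while the file itself is executable. The following attachment triage routine is an added example written for this article, not code from Kaspersky or from the report; the extension tables, magic-byte list and sample file names are constructed for illustration.

```python
import re
from typing import List

# Constructed lookup tables for this example (not taken from the report).
IMAGE_TOKENS = {"jpg", "jpeg", "png", "gif", "bmp"}
RISKY_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar",
              "msi", "zip", "rar", "7z", "ace", "cab"}
# Content type each claimed extension should have, and magic bytes per content type.
EXPECTED = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "pdf": "pdf",
            "exe": "pe", "scr": "pe", "com": "pe", "zip": "zip", "rar": "rar"}
MAGIC = [(b"MZ", "pe"), (b"PK\x03\x04", "zip"), (b"Rar!\x1a\x07", "rar"),
         (b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"), (b"%PDF-", "pdf")]


def sniff(data: bytes) -> str:
    """Identify the real content type from the leading bytes ('unknown' if no match)."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    return "unknown"


def triage_attachment(name: str, data: bytes) -> List[str]:
    """Return the reasons an attachment looks like an executable posing as an image.
    An empty list means no disguise indicator was found."""
    reasons = []
    parts = name.strip().lower().split(".")
    final = parts[-1] if len(parts) > 1 else ""
    # Tokens before the real extension: catches "receipt.jpg.exe" and "receipt_JPG.exe".
    head_tokens = set(re.split(r"[._\-\s]+", ".".join(parts[:-1])))
    if final in RISKY_EXTS and head_tokens & IMAGE_TOKENS:
        reasons.append(f"name suggests an image but the real extension is .{final}")
    # A run of spaces before the extension pushes ".exe" out of view in mail clients.
    if re.search(r"\s{3,}\.\w+$", name):
        reasons.append("whitespace padding hides the real extension")
    real, expected = sniff(data), EXPECTED.get(final)
    if expected and real != "unknown" and real != expected:
        reasons.append(f"content is {real} but extension .{final} claims {expected}")
    return reasons


if __name__ == "__main__":
    # Constructed samples: a disguised PE file, a padded name, and a genuine JPEG.
    for sample_name, sample_bytes in [("postal_receipt.JPG.exe", b"MZ\x90\x00"),
                                      ("receipt.jpg          .exe", b"MZ\x90\x00"),
                                      ("receipt.jpg", b"\xff\xd8\xff\xe0")]:
        print(repr(sample_name), "->", triage_attachment(sample_name, sample_bytes) or "clean")
```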
Meanwhile, bank phishing attacks in Q2 were often carried out using emails offering various benefits and bonuses to customers of credit institutions due to the pandemic. Emails received by users contained a file with instructions or links to get more details.
The weakening of the economy during the pandemic in a number of countries caused a wave of unemployment, and fraudsters did not miss this opportunity to strike. Depending on the scheme, fraudsters could gain access to users’ computers, personal data, or authentication data for various services.
In some cases, experts encountered various mailings that announced, for example, some amendments to the medical leave procedure, or surprised the recipient with the news about their dismissal.