These and other findings are documented in Kaspersky’s new spam and phishing in Q2 2020 report.
Phishing is one of the oldest and most flexible types of social engineering attacks; they are used in many ways, and for different purposes, to lure unwary users to the site and trick them into entering personal information.
The latter often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts.
In the wrong hands, this opens doors to various malicious operations, such as money being stolen or corporate networks being compromised; this makes phishing a popular initial infection method.
According to Kaspersky, users in Saudi Arabia have been influenced the most by this type of threat; there were 973,061 phishing attacks detected in three months, followed by the UAE (617,347), Egypt (492,532), Oman (193,379), Qatar (128,356), Kuwait (106,245) and Bahrain (67,581).
As Kaspersky analysis indicated, in Q2 2020, phishers increasingly performed targeted attacks, with most of their focus on small companies.
The new agenda, following the Covid-19 outbreak, has already influenced the “excuses” fraudsters use when asking for personal information.
This included disguising their communications with unsuspecting users as delivery services, postal services, financial services and HR services.
Bahrain-based AI expert and president of the Artificial Intelligence Society Dr Jassim Haji told the GDN that phishers are taking advantage of the pandemic by using widespread awareness of the subject to trick users into revealing their personal information or clicking on malicious links or attachments, unwittingly downloading malware to their computers.
“They may even impersonate government organisations, ministries of health, and centres for public health or important figures in a relevant country in order to disguise themselves as reliable sources,” said Dr Haji.
“Their email messages that might ask you to open an attachment supposedly containing pertinent information regarding the coronavirus are likely to download malicious software onto your device as soon as you click on the attachment or embedded link.
“It could allow cybercriminals to take control of your computer, log your keystrokes or access your personal information and financial data, which could lead to identity theft,” he said.
Dr Haji advised people to not open unsolicited email from people unfamiliar to you or click on suspicious attachments, which you did not expect, and never supply any personal financial or credentials via email. Also to be aware of emails that insist you to act now, phishing emails often try to create a demand for immediate action.
“Watch for spelling and grammatical mistakes, if an email includes spelling, punctuation and/or grammar errors, it could be a phishing email, also check the link before you click. See your emails in plain text to look for the hyperlinked address to see the real hyperlink; if it is not the same as what appears in the email, it is probably a phishing attempt,” said Dr Haji.
“Be careful of third-party sources spreading information about Covid-19, refer to the official websites for updates on Covid-19; fraudulent e-mails can look like they come from a real organisation but legitimate government agencies will never call you or email you directly for this information.
“Needless to say to install anti-spam, anti-spyware and anti-virus software and make sure they are always up to date,” he said.
© Copyright 2020 www.gdnonline.com
Copyright 2020 Al Hilal Publishing and Marketing Group Provided by SyndiGate Media Inc. (Syndigate.info).