The number of phishing attacks increased 27.5% in the third quarter of 2018 compared to the previous quarter, exceeding 137 million attempts to visit fake websites, according to Kaspersky Lab's Spam and Phishing Report in Q3 2018.
Phishing is often regarded as one of the most deceptive types of cyber attack, because it relies on social engineering techniques and can escape attention. In many cases, attackers copy a well-known landing page and encourage victims to enter their login data along with other valuable information, or to pay for services that do not exist. The consequences of such attacks can range from loss of money to the compromise of an entire organization, where employees have not been careful enough and have given attackers authentication data to access its systems.
In Q3, more than 137.382 million attempts to visit phishing sites were detected, more than half of the total recorded throughout 2017. The rapid increase in phishing attacks continued the trend from the previous quarter of 2018.
More than a third of all phishing attacks targeted banks, payment systems and e-commerce, up from 20% in Q2.
At S.C.C.O. Sibiu, two criminal cases were registered in the 2017-2018 period in which investigations were carried out for the offence of "computer fraud", a crime provided for by art. 249 of the Criminal Code, with material losses of 14,000 euros and 11,000 dollars. Investigations have also been carried out for attempted "computer fraud" in three other criminal cases, in which companies from the Sibiu area were induced to transfer various sums of money (amounting to US $110,000); these transactions were not completed, having been blocked in time. These investigations were carried out under the supervision of the Prosecutor's Office attached to the Sibiu Court.
The country with the highest percentage of users attacked in Q3 was Guatemala, with almost 19%, overtaking the previous quarter's leader, Brazil, which now ranks a close second with 18.6%. Spain ranks third with 17.5% of users targeted by phishing attacks.
Kaspersky Lab experts advise users to take a number of steps to protect themselves from phishing, such as checking the link address and the sender's email address to see whether they are genuine, and using a secure connection. For maximum security, experts recommend installing a VPN solution that encrypts traffic. Over an unprotected connection, cybercriminals can redirect you, without your noticing, to a phishing page.
Sibiu IPJ Recommendations for Prevention of Computer Fraud by "Social Engineering"
Social engineering is the art of manipulating or influencing other people to take certain actions or to disclose confidential information. The term usually applies to those who use tricks to gather information or to gain access to information systems. Such offences may involve the diversion of bank transfers made by companies in the course of their business relationships.
This criminal scheme involves compromising and gaining unauthorized access to email accounts that companies use in their business relationships, monitoring employees' correspondence, and imitating genuine messages from email addresses that resemble those of partner companies. The end result may be the diversion of a money transfer to a bank account other than the beneficiary's, controlled by other members of the criminal group.
The compromise can be carried out through phishing attacks. Criminals send victims misleading e-mail messages that lead them to follow links and enter account passwords, or to download infected files that compromise computer systems and give the attackers control over the correspondence.
To prevent such fraud, the Police recommend:
· Change the passwords of email accounts used for commercial activities on a regular basis, and use two-step authentication;
· Do not use the computers on which financial transactions are made for other purposes (accessing personal e-mail, social networks), thus avoiding the risk of infection with malicious software;
· Establish clear work procedures and inform employees about possible risks;
· Require phone confirmation for atypical operations or for transfers to a bank account other than the usual one;
· Avoid answering emails that ask to change a bank account by using the "reply" feature; instead, create a new email to request confirmation;
· Inform the police as soon as possible if the company is involved in such a case.