Over a Quarter of Phishing Attacks in 2014 Targeted Users’ Financial Data

Woburn, MA – February 12, 2015 -Kaspersky Lab today announced the study, ‘Financial Cyber-Threats in 2014,’ which found that 28.8 percent of phishing attacks last year aimed to steal financial data from consumers. The results show how cybercriminals have shifted their focus from banks to payment systems and online shopping websites.

Statistical highlights from the report include:

• Cybercriminals used the names of well-known banks in 16.3 percent of attacks; in 2013, the level of bank phishing was 22.2 percent;
• In the Payment Systems category, cybercriminals mostly targeted data belonging to Visa card owners (31.02 percent), PayPal (30.03 percent) and American Express (24.6 percent).
• The names of well-known online shopping sites were used in 7.3 percent of attacks compared to 6.5 percent in 2013;
• In 5.1 percent of cases, Kaspersky Lab’s protection technologies were triggered by phishing pages mentioning payment systems, which is 2.4 percent more than in 2013.
• The proportion of financial phishing detected on Mac systems increased by 9.6 percent compared to the previous year, representing 48.5 percent of all instances in which the anti-phishing component of Kaspersky Lab security products for Mac OS X was triggered.

Phishing is a type of Internet fraud that is used by cybercriminals to lure users into providing their data (account logins and passwords and other personal information) by creating fake Web pages to imitate popular online resources.

Last year, the proportion of financial phishing to all phishing attacks fell by 2.7 percentage points compared to 2013, primarily due to a decrease in the level of phishing targeting banks. At the same time, there was proportionally more phishing targeting other financial categories.

In the Payment Systems category, cybercriminals mostly targeted data belonging to users of Visa cards (31.02 percent of detections in this category), PayPal (30.03 percent) and American Express (24.6 percent). At the same time, in 2014 detections for phishing pages mentioning PayPal saw their share fall by 14.09 percent compared to 2013.

Amazon remained the most commonly-attacked brand in the Online Shopping category – 31.7 percent of attacks in this category used phishing pages mentioning the popular Internet-based retailer. However, this is 29.41 percent less than in the previous year.

“The rise in financial phishing that we saw in the past has naturally drawn a response from the brands most frequently abused in phishing scams – they are beginning to tackle phishing distribution channels, especially email spam, more actively. That leads to a reduction in the levels of phishing that targets some of the larger brands. However, cybercriminals immediately responded by targeting new ‘markets.’ For example, in 2014 we saw a large number of phishing scams based on websites that sell plane tickets. These are targets that used to be seen fairly infrequently in phishing scams,” said Nadezhda Demidova, web content analyst at Kaspersky Lab.

Kaspersky Lab experts have also recorded an increase in the proportion of financial phishing attacks against Mac OS X users. Overall, about 48.5 percent of all phishing attacks detected on computers with Kaspersky Lab security products for Mac installed on them were designed to steal financial data. In particular banks were mentioned in 29 percent of attacks, payment systems in 11.21 percent and online shopping sites in 8.32 percent of attacks. 

You can find information on other changes in the 2014 financial cyberthreats landscape in the full text of the report on Securelist.com.

Modern phishing websites are getting more and more sophisticated, making them very hard for consumers to recognize. That is why we recommend using an Internet security solution with an advanced anti-phishing technology in place. The anti-phishing module is included in key Kaspersky Lab products for home and corporate users, as well as Kaspersky Fraud Prevention – a platform created specifically to protect banks from online financial fraud. Its three components – anti-phishing databases, Kaspersky Security Network and heuristic analyzer – provide robust protection against phishing. The module’s effectiveness has been confirmed by independent test labs.

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide. Learn more atwww.kaspersky.com.

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Sarah (Bergeron) Kitsos 
781.503.2615
sarah.kitsos@kaspersky.com

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published in the IDC report "Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares (IDC #250210, August 2014). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.