Woburn, MA – May 23, 2018 – In the first quarter of 2018, Kaspersky Lab’s anti-phishing technologies prevented more than 3.7 million attempts to visit fraudulent social network pages, of which 60 percent were fake Facebook pages, according to Kaspersky Lab’s ‘Spam and Phishing in Q1 2018’ report.
Social network phishing is a form of cybercrime that involves the theft of personal data from a victim’s social network account. The fraudster creates a copy of a social networking website (such as a fake Facebook page), and tries to lure unsuspecting victims to it, forcing them to give up their personal data – such as their name, password, credit card number, PIN code and more – in the process.
At the beginning of the year, Facebook was the most popular social networking brand for fraudsters to abuse, and Facebook pages were frequently faked by cybercriminals to try and steal personal data via phishing attacks. This is part of a long-term trend: in 2017, Facebook became one of the top three targets for phishing overall, at nearly 8 percent, followed by Microsoft Corporation (6 percent) and PayPal (5 percent). In Q1 2018, Facebook also led the social network phishing category, followed by VK, a Russian online social networking service, and LinkedIn. The reason for this is likely to be the 2.13 billion active monthly Facebook users worldwide, including those who log in to unknown apps using their Facebook credentials, thereby granting access to their accounts. This makes unwary Facebook users a profitable target for cybercriminal phishing attacks.
The distribution of different types of social network phishing detected by Kaspersky Lab in Q1 2018
These findings reinforce the fact that personal data is valuable in the world of information technology, both for legitimate organizations and attackers. Cybercriminals are constantly searching for new methods to attack users, so it’s important to be aware of fraudster techniques to avoid becoming the next target. For example, a recent trend is the increase of spam emails related to GDPR, Europe’s General Data Protection Regulation. Examples include offers of paid webinars to clarify the new legislation or invitations to install special software that provides access to online resources to ensure compliance with the new rules.
“The continuous increase in phishing attacks - targeting both social networks and financial organizations - shows us that users need to pay more serious attention to their online activities,” said Nadezhda Demidova, lead web content analyst, Kaspersky Lab. “Despite the recent global scandals, people continue to click on unsafe links and allow unknown apps to access their personal data. Due to this lack of user vigilance, the data on a huge number of accounts gets lost or extorted from users. This can then lead to destructive attacks and a constant flow of money for the cybercriminals.”
Kaspersky Lab experts advise users to take the following measures to protect themselves from phishing:
Other key findings in the report include:
To learn more about spam and phishing in Q1 2018, read our blogpost on Securelist.com.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com