The Russian cybersecurity firm Kaspersky has released its 2021 Spam and Phishing Report which identifies the key annual trends in spamming and phishing. The report shows 45.56% of global email volume consisted of spam emails, with Russia the biggest culprit, with 24.77% of spam emails coming from Russian IP addresses and German IP addresses used to send 14.12% of the year’s spam emails.
Legitimate organizations such as banks and financial institutions were actively promoting investments in 2021, and cybercriminals were quick to jump on the bandwagon. There was an increase in investment scams where the names of well-known companies and successful individuals such as Elon Musk were used to try to trick individuals into transferring money into fake investments.
Another trend observed by Kaspersky was fake offers to see the latest movie releases online ahead of the official release date. These offers, which ran up until the official release date, required individuals to register on the site to view the advertised movie, which needed a credit card to set up an account. After credit card details were entered, they would have funds debited but no movie would be provided.
2021 saw the continuation of major phishing scams on businesses, often using fake business correspondence as the lure to get employees to part with their credentials. Fake work documents such as shared files requesting collaboration, payment requests/invoices, and fake shipping notices were commonplace. 2021 also saw an increase in attacks on businesses using cloud services as bait, including fake notifications about Microsoft Teams meetings and salary information shared via SharePoint to get individuals to part with their credentials.
As was the case in 2020, COVID-19 themed lures in phishing emails were commonplace, with scammers using a variety of COVID-19 themes in 2021 including messages about compensation, subsidies, COVID-19 laws, fake COVID-19 test results, COVID-19 vaccination information, and spoofed government communications.
Kaspersky said it blocked 253 million phishing attempts in 2021. Brazil was the country most targeted with phishing attacks, accounting for 12.39% of the total, closely followed by France (12.21%). The most spoofed companies were online stores, accounting for 17.61% of phishing attacks spoofing brands, followed by global Internet portals (17.27%), payment systems (13.11%), and banks (11.11%).
342,000 messenger-based phishing attacks were blocked by Kaspersky in 2021. Messenger-based phishing attacks were most commonly conducted on WhatsApp users, with the brand accounting for 90% of attacks, followed by Telegram and Viber, both accounting for 5% of messenger-based phishing attacks.
The distribution of malware via email remains common. Kaspersky said it blocked over 148 million malicious email attachments in 2021. The Agensla Trojan family was the most widely distributed type of malware, followed by Badun Trojans, exploits for the CVE-2017-11882 Microsoft Equation Editor vulnerability, and Taskun Trojans. Spain was the country most targeted with malicious email attachments, experiencing a large rise in percentage share of malicious attachments for the second year in a row, with attacks on Russia and Italy the next most common.
“The key trends in phishing attacks and scams are likely to continue into the coming year. Fresh ‘investment projects’ will replace their forerunners. ‘Prize draws’ will alternate with holiday giveaways when there’s a special occasion to celebrate. Attacks on the corporate sector aren’t going anywhere either,” said Kaspersky.
The pandemic continues to be one of the most common themes in scams and phishing emails, and Kaspersky believes those scams will continue throughout 2022. “Due to the intensity of the measures being imposed in different countries to stop the spread of the virus, we’ll more than likely see a surge in the number of forged documents up for sale on the dark web, offering unrestricted access to public places and allowing holders to enjoy all the freedoms of civilization.”