An analysis of current cyber fraud threats by network security firm RSA shows that phishing attacks have increased by 70% since Q2 and now account for 50% of all fraud attacks suffered by organizations.
Phishing attacks are popular because they are easy to conduct and have a high success rate. An attacker can set up a webpage that mimics a well-known brand such as Microsoft or Google and requests login details. Emails containing hyperlinks to the site are then sent, along with a plausible reason for clicking. According to research conducted by Verizon, 12% of users click hyperlinks in phishing emails.
RSA notes that the majority of phishing attacks are conducted in the United States, Canada, and the Netherlands, which account for 69% of all attacks.
RSA has also drawn attention to a specific variant of phishing called vishing. Rather than using email, vishing attacks occur over the phone. A classic example involves a scammer pretending to be from the target’s bank. While the call is unsolicited, the scammer pretends that there is a security issue that needs to be resolved and requests sensitive information such as bank account information, passwords, and security questions and answers. Although vishing accounts for 1% of all fraud attempts, it is a serious threat.
A new variant of vishing has even greater potential to achieve the desired result. Rather than the attacker calling a target, the attacks work in reverse, with consumers calling the scammer. This is being achieved through search engine poisoning: getting malicious websites listed in the organic search engine results. Other variants include false information posted on social media sites and help forums.
14% of fraud attacks involve brand abuse: misleading posts on social media that spoof a well-known brand. 12% of fraud attacks involve Trojan horses, malware that is installed under false pretenses. Once installed, the malware harvests sensitive information such as banking credentials. 2% of fraud attacks involve the use of rogue mobile apps. 9,329 rogue mobile applications were identified by RSA in Q3 2018.
Fraud through mobile browsers accounted for the majority of fraud transactions (73%) in Q3, an increase of 27% since this time last year.