By Adedapo Adesanya
Internet security solutions giant Kaspersky has revealed that phishing activity diversified as it intensified during the COVID-19 outbreak lockdown, with over two million attacks recorded in Africa in the second quarter.
These and other findings were documented in Kaspersky’s new report on spam and phishing in Q2 2020.
According to the analysis, a number of new tricks have also been found – from HR dismissal emails to attacks disguised as delivery notifications. As a result of such tendencies, security solutions detected 2,023,501 phishing attacks in South Africa, Kenya, Egypt, Nigeria, Rwanda and Ethiopia.
Phishing is one of the oldest and most flexible types of social engineering attack. It is used in many ways, and for different purposes, to lure unwary users to a fake site and trick them into entering personal information. The latter often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts.
In the wrong hands, this opens doors to various malicious operations, such as money being stolen or corporate networks being compromised. This makes phishing a popular initial infection method.
Phishing is a strong attack method because it is done at such a large scale. By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials.
Kaspersky noted that the first six months of 2020, however, have shown a new aspect to this well-known form of attack.
Among the sampled countries, South African users were affected the most by this type of threat: 616,666 phishing attacks were detected there in three months. Kenya followed (514,361), then Egypt (492,532), Nigeria (299,426), Rwanda (68,931) and Ethiopia (31,585).
In the Q2 analysis, Kaspersky noted that phishers increasingly performed targeted attacks, with most of their focus on small companies. It noted, “To attract attention, fraudsters forged emails and websites from organisations whose products or services could be purchased by potential victims. In the process of making these fake assets, fraudsters often did not even try to make the site appear authentic.”
According to the firm, fraudsters leveraging the coronavirus pandemic disguised their communications with unsuspecting users as messages from delivery, postal, financial and HR services.
Commenting on this, Ms Tatyana Sidorina, a security expert at Kaspersky, noted, “When summarising the results of the first quarter, we assumed that COVID-19 would be the main topic for spammers and phishers for the past few months. And it certainly happened.
“While there was the rare spam mailing sent out without mentioning the pandemic, phishers adapted their old schemes to make them relevant for the current news agenda, as well as come up with new tricks,” she added.
Kaspersky experts advised users to take the following measures to protect themselves from phishing: checking online addresses in unknown or unexpected messages; never entering credentials on non-secure or inauthentic websites; and using a proper security solution with behaviour-based anti-phishing technologies.