WASHINGTON, D.C. – Those insidious email scams known as phishing, in which a hacker uses a disguised address to get an Internet user to install malware, rose 87 percent worldwide in the past year, a security firm said Friday.
These schemes affected some 37.3 million users around the world in the 12 months to April 30, according to a report by the Russia-based security firm Kaspersky.
“The number of fraudulent websites and servers used in attacks has more than tripled since 2012, and more than 50 percent of the total number of individual targets were fake copies of the websites of banks and other credit and financial organizations,” Kaspersky said.
The attackers often use emails purportedly from trusted organizations like Yahoo!, Google, Facebook and Amazon, which are top targets, according to the report.
Online game services, online payment systems, and the websites of banks and other credit and financial organizations are also commonly used to disguise phishing attempts.
Kaspersky said phishing has become a preferred method of cybercriminals.
“Although the specific targets of phishing attacks vary, the end goal of all malicious users engaged in this type of malicious activity is ultimately the same: to make money illegally,” the report said.
“This goal is achieved either by directly stealing cash from the victim, as in the case with fake online banking service pages, online storefronts, and subscriptions to online games.”
But attacks may also employ a more indirect approach, including the sale of stolen databases on the black market.
“A large collection of user data may come in handy for malicious users for a number of different fraudulent schemes involving spam mailings and the spread of malware,” the report said.
The countries most often hit by phishing attacks were Russia, the United States, India, Vietnam and the United Kingdom.
The location of “hostile servers” was most frequently in the U.S., the U.K., Germany, Russia and India, Kaspersky said.