In 2017 anti-phishing technologies detected over 246 million user attempts to visit different kinds of phishing pages. Of those, over 53% were attempts to visit a financial-related website – 6 percentage points higher compared to data from 2016. This is the first time since recording phishing attempts that figures have reached over 50%, according to analysis of the financial threat landscape by Kaspersky Lab.

Financial phishing attacks are fraudulent messages which link to copycat websites that appear legitimate. They aim to gain users’ credentials for banking and credit accounts, and data to access online banking or money transfer accounts – all for the purpose of stealing the victims’ money afterwards. With 53% of phishing attacks taking this form, more than every second attack across the world is looking to steal a victims’ money.

In 2017 the share of all financial phishing categories – attacks against banks, payment systems and e-shops – grew by 1.2, 4.3, and 0.8 percentage points respectively and made up the top 3 categories in overall phishing attacks detected – for the first time.

The distribution of different types of financial phishing detected by Kaspersky Lab in 2017

Moreover, attacks related to the global internet portal category – which includes global search engines, social networks, etc. – fell from the second place in 2016 to fourth position in 2017 with a decrease in share of more than 13 percentage points. This shows that criminals show less interest in stealing these types of accounts and are now focusing on accessing money directly.

The data also shows that Mac users are in increasing danger. Contrary to popular belief about the security of Mac devices, 31.38% of phishing attacks in 2016 against users of the platform were aimed at stealing financial data. The share peaked in 2017, reaching 55.6%.

“The increased focus of cyber criminals to conduct financial phishing attacks means users need to remain extra vigilant. To get to grips with our money, fraudsters are constantly looking for new methods and techniques to catch us out. We need to be just as much determined to not let them succeed, by constantly investing in cyber literacy,” said Nadezhda Demidova, lead web content analyst at Kaspersky Lab.

In order to protect themselves from phishing, Kaspersky Lab experts advise users to take the following measures:

  • Always check the legitimacy of the website when paying online. This includes https connections and the domain name belonging to the organization that you think you are paying.
  • Use a proven security solution with behavior-based anti-phishing technologies. This will make it possible to identify even the most recent phishing scams which haven’t yet been added to anti-phishing databases.

(Source: Kaspersky Lab)