Phishers target personal data, cash
03 April 2014, 15:17
Nairobi - Cyber crooks are pushing up their efforts to target financial information, a report on their activity suggests.
According to a survey conducted by Kaspersky Lab, 45% of phishing attacks were targeted using well-known names of banks and online payment systems.
That was up by 8% on 2012 as criminals pivot toward exploiting personal data harvested from fake websites.
In SA, there are common frauds using Sars or branded goods to lure consumers looking for bargains.
News24 often receives complaints from individuals who have had their bank accounts compromised by unscrupulous operators.
One scam involves a bidding website modelled on a legitimate platform and once you have entered your credit card details, the scammer hits your account with withdrawals of up to R600 per day, in some instances.
Unlike malware which infects a particular machine, phishing sites can potentially be a threat to any device that opens the website and scammers have been known to employ this technique in conjunction with spam e-mails.
Kaspersky said that in 2013, banks were the main target, used in over 70% of phishing attacks. That's up from 52% in 2012 and just four online payment platforms were used last year: PayPal, American Express, Master Card and Visa.
"Phishing attacks are so popular because they are simple to deploy and extremely effective. It is often not easy for even advanced internet users to distinguish a well-designed fraudulent site from a legitimate page, which makes it even more important to install a specialised protection solution," said Sergey Lozhkin, senior security researcher at Kaspersky Lab.
The company also found that criminals are increasingly turning to social network platforms, luring users to reveal logon details on a fake Facebook site.
In 2013, 35.39% of phishing attacks were attributed to social networking sites and a cyber criminal could, in theory, hijack your Facebook profile to exploit your friends and family with demands for cash.
Such a successful attack may also expose a person to identity theft where a criminal could eventually assume the victim's identity for a range of online services.
- Follow Duncan on Twitter