Spam and Phishing Data in 2019
On the image: Curiosity does not kill, but in a thoughtless click, the cracker will love it
In this article we will analyze the operational strategies of spamming and phishing methods during the first half of the year 2019. Before we begin the actual investigation, it is important to remember that spam refers to unsolicited messages, usually in e-mail or SMS format, that contain exclusively commercial content and may be associated with the habits of use in browsers. Phishing, on the other hand, is a type of fraud in which a criminal tries to obtain personal data from a victim by means of a malicious email or tries to make the victim download a malicious file.
It is notable that spamming and phishing rates for simple users outside of the business world grow exponentially at the time of commemorative dates. According to a SecureList report, one of the target dates in early 2019 was Valentine's Day, which is celebrated on February 14. According to the site, cybercriminals exploit everything, from websites and dating applications to online flower shops, but the most common scam was emails in ad formats of possible gifts that could be purchased, and when the ad was clicked on, the user's personal or banking information was sent to criminals.
Another technique that was widely used by cybercriminals this year was to create fake pages for product launches and technical support. At the end of March, the electronics company Apple launched its latest products and, taking advantage of the great interest of the public, cybercriminals created access pages identical to the official pages of the brand, leading many people to have their data stolen. Similar to this, cybercriminals also take advantage of the high demand for specialized technical support, creating fake profiles that promote and recommend sites that are not truly technical support.
Another method used by cybercriminals this year was the firing of phishing emails in the form of notifications from large companies. A similar and widely used technique is the firing of "dream job" emails, in which receivers were invited to send their information and download a special application to apply for a job.
The corporate and banking areas also suffered attacks in early 2019. An example of this is what happened to the corporate part of Runet (Russian internet), which suffered spam attacks that simulated business correspondence, passing through the company's partners and employees. Another situation, this time with a bank, was where cybercriminals simulated being from the Bank of New Zealand and appropriated the terrorist episode in Christchurch to steal personal data from the bank's clients.
Please note that the above situations serve as a warning about how spamming and phishing are real and dangerous actions and should not be treated lightly. The SecureList report shows that 50% of email traffic is composed of spam, with Brazil occupying 4th place as spam sender (6%) and 8th place as receiver (2%). However, in the first half of 2019, Brazil was the country with the most users attacked by phishing, containing 21.66% of all global attacks.
This data makes it clear that we increasingly have to worry about the security and integrity of our data in the virtual world. With this in mind, Perallis Security developed Hacker Rangers, a key tool for raising user awareness of cybersecurity.
If you're interested in protecting your business by teaching your users to protect themselves first, Hacker Rangers is an alternative to traditional approaches to information security awareness and is the only 100% gamified platform for security awareness. Know more about Hacker Rangers in https://hackerrangers.com and get in touch to know the best options for your company.
Translated from: https://www.perallis.com/news/dados-sobre-spam-e-phishing-em-2019/