Financial Phishing and Banking Malware Surge in 2016

Nearly half of all phishing attacks are now designed to steal the victim’s money – an all-time high, according to new data from Kaspersky Lab.

The Russian AV vendor claimed that financial phishing attacks grew 13% in 2016 to reach 47% of all phishing detections made by its heuristic engines.

Victims are typically tricked into believing they are viewing genuine banking pages and socially engineered into handing over their log-ins as a result.

The effect on those brands which are phished can be a loss of trust and even customer attrition.

Nadezhda Demidova, senior web content analyst at Kaspersky Lab, argued that this type of phishing has always been one of the easiest ways for hackers to make money.

“You don’t have to be a skilled programmer, and you don’t have to invest lots of money into supporting infrastructure,” she added. “Of course, most phishing schemes are easy to recognize and avoid, but judging by what we see in our statistics, lots of people are still not cautious enough when it comes to dealing with financial data online.”

That’s not all. Kaspersky Lab also spotted an increase in banking Trojan attacks of 31% over the year, to reach over one million victims.

Nearly one in five (17%) were corporate users, with those in Russia, Germany, Japan, India, Vietnam and the US most affected.

Malware used to help the black hats do their dirty work included Zbot, Gozi, Nymaim, Shiotob, ZAccess, Tinba and Shiz.

In the second half of 2016, Android malware attacks soared 430% to reach 305,000 victims worldwide, driven mainly by attacks in Russia, the AV vendor added.

Two malware families were responsible for most of these attacks: Asacub, spread by SMS, and Svpeng, spread through Google AdSense.

Kaspersky Lab advised caution when surfing the mobile internet, especially if users have financial apps installed on their device.

What’s Hot on Infosecurity Magazine?