The spam and phishing scene last year was a mixed bag: The average amount of spam in 2017 decreased to 56.63%, which is 1.68% less than in 2016. However, the number of phishing attacks increased – the Kaspersky Lab anti-phishing system was triggered 246 million times on the computers of Kaspersky Lab users, which is 59% higher than in 2016.
According to Kaspersky Lab’s Spam and Phishing in 2017 report, spammers have shown themselves to be thoughtful actors, instantly monitoring global issues and major events worldwide with one main purpose: to capture and capitalize on their victim’s attention. These cybercriminals have been following a global agenda by using hot topics such as the FIFA World Cup and Bitcoin to fool users and steal their money or personal information in the last 12 months.
For instance, while the world was intensively preparing for the World Cup last year, spammers were actively spreading related emails, sending victims fraudulent messages with official logos of the event, including organizers and sponsor brand information, notifying users about lottery wins and even promising free tickets.
Another hot spam and phishing topic in 2017 was cryptocurrency – as Bitcoin’s price drastically increased. Kaspersky Lab researchers had previously recorded a growth in blockchain-themed tricks in the third quarter of 2017. For instance, criminals have been using tricks such as websites disguised as cryptocurrency exchanges or fake services offering cloud mining (e.g., the use of specialized data centers for rent). But in all cases, users became victims, losing money instead of earning any profit.
In more traditional fraud schemes, such as fake lottery winnings, criminals have also started to use Bitcoin as bait. In addition to targeted address databases advertised through spam, databases with emails for cryptocurrency users have also been offered for purchase, promising great opportunities.
Moreover, criminals have distributed different types of malware in spam emails, under the guise of utilities for earning Bitcoins or instructions for cryptocurrency trading. However, importantly, CryptoLocker, whose creators demanded a Bitcoin ransom, have been detected in spam letters less than in the previous year.
“In 2017 we saw a slight decrease in spam activities, but throughout the year, spammers haven’t missed any reason to steal users’ personal information, keeping their eyes on what’s happening in the world. As sports events such as the upcoming FIFA World Cup and others take place, their activity will only increase,” said Darya Gudkova, spam analyst expert, Kaspersky Lab. “Moreover, in 2018 we expect further development and growth of cryptocurrency-related spam and phishing, with more cryptocurrency diversity besides Bitcoin, which was widely used in the previous year, and with 'pump and dump' schemes.”
The most popular source of spam was the US (13.21%), followed by China (11.25%) and Vietnam (9.85%). Others in the top 10 include India, Germany, Russia, Brazil, France and Italy. Also, the country most targeted by malicious mailshots was Germany (16.25%), showing a slight increase (2.12%) compared to 2016. Others in the top 10 include China, Russia, Japan, UK, Italy, Brazil, Vietnam, France and UAE. However, the largest percentage of users affected by phishing was in Brazil (29.02%). Overall, 15.9% unique users of Kaspersky Lab products worldwide were attacked by phishing during the year.