57% of Russians could not distinguish a phishing site from the real one, according to antivirus developer Avast. In the survey, respondents were shown two screenshots of the login page of the social network "Vkontakte", and more than half of them chose the phishing version of the site.
Avast also asked users whether they knew what phishing is; 55% of respondents said "no". After the researchers explained what phishing is, users were asked whether they had ever been victims of phishing attacks: 14% of Russians answered "yes", and 34% "found it difficult to answer".
According to Avast, Russians faced the following types of phishing scams: phishing websites (46%), email phishing (22%), SMS phishing (17%) and telephone scams (16%).
Phishing is widespread because it allows attackers to create large-scale attacks. Cybercriminals use social engineering methods to predict a person's behavior and deceive them. "In August 2019, we blocked 1 942 770 phishing attempts that were directed against 216 364 of our Russian users," said Alexey Fedorov, head of the Avast representative office in Russia and the CIS. "Phishing links that lead to malicious websites can be sent in emails. They can also be attached to messages on social networks and apps like Facebook and WhatsApp, or appear in search results."
For the study, Avast surveyed 1 011 of its customers in Russia between August 15 and September 12, 2019.
According to Kaspersky, the average monthly number of attacks increased by more than 350% in 2018. Multifactor authentication is an effective protection against phishing, and it is even better when used in combination with a soft token in a mobile authenticator application rather than with a code sent by SMS, explains Artem Sinitsyn, head of information security programs at Microsoft in Central and Eastern Europe.
The digitalization of services and people's desire for comfort are pushing users to enter personal data on the Internet more often, says Ilya Repkin, manager of the product promotion department at Security Code. According to him, the main method of protection is care when working with mail and websites.
Andrey Arsentiev, head of the analytics and special projects department at InfoWatch, believes that phishing attacks on individuals and on the corporate segment differ significantly in how they are carried out. Attacks on individuals can involve scammers who are not very knowledgeable about technical means. These attacks mainly target users of social networks, visitors to dating sites, and authors of ads on electronic platforms. The main thing here is knowledge of psychology and skillful play on people's feelings, Andrey Arsentiev notes.
According to the expert, when attacking the corporate sector, attackers tend to be more technically savvy. They often use mailings with malicious attachments. Andrey Arsentiev expects that in the near future the scale of phishing will grow both in the private sector and in business.
Group-IB estimates that more than 80% of money theft occurs using social engineering methods. This means that malware is either not used at all or is involved in only one of the stages of the theft.
The total number of phishing resources located in various domain zones, including RU, identified and blocked by CERT-GIB in 2018 increased by 77% compared to 2017. The average growth was 15% each quarter. Thus, in 2018, as part of CERT-GIB's work, the activity of 4494 sites was suspended because they were used for phishing.
Phishing is one of the most common types of cybercrime in the world and is often used to steal accounts and bank information, Maxim Yakushev, press secretary of Dr. Web, is certain. The real scale of the disaster can only be guessed at. "Modern malware in most cases doesn’t reveal itself at all on computers. The user is unaware of the threat until the malware is triggered, and often remains unaware that someone alien lives in his computer. In such situations, the PC owner doesn’t know that his personal data has already been stolen, and the money from the bank account has been cashed by the attackers," said Maxim Yakushev.
Phishers prey on their victims' carelessness, credulity and ignorance of the basics of network security. The specialist advises against entering bank card information when it is requested for participation in a lottery or promotion, during a telephone conversation, or in a received letter.