According to a recent report conducted by The Anti-Phishing Working Group Inc., phishing attacks hit a record high during 2016, amounting to 1.22 million incidences, which is up 65% compared to 2015. In fact, during the fourth quarter of 2016, there was on average 92,564 attacks every month.
Phishing attacks are deceptive e-mails or fake sites fraudsters design to trick people into handing over confidential information. Fraudsters will send an e-mail out disguised as a legitimate business, bank, or as a friend. Typically, phishing emails require a user to take action, such as clicking on a malicious website link or opening an attachment. Fraudsters create these e-mails and sites to be very convincing by including logos of businesses, tracking/shipping information, or contact information that appear to be reputable.
“Phishing is an attack that relies primarily on fooling people, rather than highly sophisticated technical implementations,” said APWG senior research fellow Greg Aaron, who is also a vice president at Princeton, N.J.-based iThreat Cyber Group, in a statement. “For that reason, phishing remains both popular and effective. Truly, phishing is more pervasive and harmful than at any point in the past.”
After a fraudster creates a phishing email, they will then send the email to millions of people worldwide in hopes to steal their confidential information and use it for fraudulent purposes. The more e-mails fraudsters’ send, the more people they are able to target and hack.
"When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing. Don't reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels,” recommended eOnGuardOnline.gov.
The APWG’s report comes at a time when other warning signs show that fraud is increasing. A study from Forter Inc. and the Merchant Risk Council stated that dollars at risk regarding online retailers surged to $4.98 per $100 of national sales during the fourth quarter in 2016, compared to $2.70 per $100 during 2015. Dollars at risk represents both actual and attempted fraud.
ThreatMetrix Inc., a security technology firm based in California, also reported there were 80 million cyber attacks involving fake credentials during 2016. Javelin Strategy & Research stated that identity theft incidences hit a record high during 2016 with over 15.4 million U.S. consumers targeted, up almost 18% from 2015.
"Financial phishing has always been one of the easiest ways for cybercriminals to earn illegal money," says Nadezhda Demidova, senior web content analyst at Kaspersky Lab. "You don't have to be a skilled programmer, and you don't have to invest lots of money into supporting infrastructure. Of course, most phishing schemes are easy to recognize and avoid, but judging by what we see in our statistics, lots of people are still not cautious enough when it comes to dealing with financial data online. Otherwise, we wouldn’t have seen so many attacks in 2016."
With phishing attacks at an all time high last year, it is important going forward for merchants and consumers to be on the lookout for phishing attempts and to be cautious when opening emails or attachments. Time will only tell if phishing attacks decrease during 2017.