The number of banking and financial related phishing cases across the world increased by 9% in 2019.
In the same period, phishing cases related to payment systems remained the same, while online stores phishing dropped by 10%.
This is among the findings from Kaspersky’s analysis of the financial threat landscape across the globe for year 2019.
Findings of the research show that over 467 million phishing cases were detected in 2019, with more than half of these figures related to finance and banking. This is the second highest figure ever registered by Kaspersky, second only to the financial phishing cases detected in 2017.
The report attributed the increase in financial phishing to the low start-up capital required by the criminals. To get returns, the victims’ financial credentials are either used to steal from their accounts, or sold to other criminals.
Just four banking malware families accounted for about 87% of the attacks: ZBot, RTM, Emotet, and CliptoShuffler.
The report noted that users could be tricked with messages about the blocking of their accounts, or offers of some bonuses or mouth-watering deals.
It also linked some of the cases to phishing pages disguised as payment gateways, internet stores, and fake versions of online banking and payment systems.
“By clicking a link or entering credentials on pages like these, a user will not be accessing their account – they will be passing on important personal information to the fraudsters,” the report read.
Reduction in malicious crypto-mining
The Kaspersky report also noted that during the year, cybercriminals appeared to have lost interest in malicious crypto-currency mining, turning instead to broader digital issues and banking related phishing.
The report studied users in several countries across Europe, Asia and Africa, analysing malicious activities on the devices of individual users of Kaspersky security solutions, who volunteered to share their data.
Financial cyber-threats studied include malicious programs targeted at online banking users, e-money institutions, as well as malicious users that create fake financial-themed pages and emails to steal victims’ credentials, or attempt to gain access to financial organizations and their infrastructure.
Based on the findings, the solutions provider recommended tighter security checks in organisations, as “cyber-threats that aim to steal money are still out there.”
The report added that threats targeting organisations and businesses could be detected and blocked on a network level with the use of a secure internet gateway solution, even before it gets to employees or clients.