8.7% people in Nigeria, SSA suffer phishing in 2022

•Global attacks exceed 500 million
Cybersecurity solution provider, Kaspersky, has disclosed that its anti-phishing system prevented more than 500 million attempts at accessing fraudulent websites globally in 2022. It said this is twice more compared to the 2021 figures.

Kaspersky said in Africa, 8.7 per cent of individuals and corporate users were affected by phishing, saying attacks on their devices were detected and stopped.

Specifically, the firm said in South Africa, the share of users affected by phishing stands at 9.7 per cent, followed by Kenya at 8.4 per cent and Nigeria at seven per cent.

It noted that though spam and phishing attacks are not necessarily complex from a technological standpoint, they rely on sophisticated social engineering tactics, making them highly dangerous to those who are not aware of them.

Kaspersky revealed that fraudsters are skilled at creating phishing web pages identical to the original websites that collect private user data or encourage the transfer of money to fraudsters targeting both individuals and organisations.

Kaspersky experts discovered that throughout 2022 cybercriminals increasingly turned to phishing. The company’s anti-phishing system successfully blocked 507,851,735 attempts to access fraudulent content globally in 2022, twice the number of attacks thwarted in 2021.

It revealed that the sphere most frequently targeted with phishing attacks was delivery services. Fraudsters send fake emails pretending to be from well-known delivery companies and claim there is an issue with a delivery. The email includes a link to a fake website, which asks for personal information or financial details. If the victim falls for the scam, they could lose their identity and banking information, which may be sold to websites on the dark web.

With financial phishing, the most commonly targeted categories were online stores and online financial services. Among the financial phishing attempts in South Africa 15.4 per cent were through websites of fake payment systems, 68.4 per cent through fake online stores and 16.2 per cent through fake online bank portals. Among the financial phishing attempts in Kenya 22.5 per cent were through websites of fake payment systems, 54.9 per cent through fake online stores and 22.6 per cent through fake online bank portals. And among the financial phishing attempts in Nigeria 31.1 per cent were through websites of fake payment systems, 51.2 per cent through fake online stores and 17.8 per cent through fake online bank portals.

Kaspersky experts have also highlighted a global trend in the phishing landscape of 2022: An increase in the distribution of attacks through messengers, with the majority of blocked attempts coming from WhatsApp, followed by Telegram and Viber.

It noted that there is also growing demand among cybercriminals for social media credentials, with criminals exploiting people’s curiosity and desire for privacy by offering fake updates and verified account status on social media platforms.

Moreover, the experts found that cryptocurrency scams and market events, like the pandemic, are still being used by phishing attackers to steal sensitive information from people who are afraid and worried. These scammers are taking advantage of people’s fears and concerns to steal their sensitive information.

Security Expert at Kaspersky, Olga Svistunova, said: “Phishing is one of the most prevalent and pernicious threats in the cybersecurity landscape. Being the gateway to many of the worst cyber threats, phishing pages are the first step in a long chain of events that can result in identity theft, financial loss, and reputational damage for both individual consumers and businesses. It’s crucial for everyone to understand the threat and take action to protect themselves.”

In order to avoid becoming a victim of spam or phishing-based scams, Kaspersky experts advise the following: “Only open emails and click links if you are sure you can trust the sender.

“When a sender is legitimate, but the content of the message seems strange, it is worth checking with the sender via an alternative communication channel.

“Check the spelling of a website’s URL if you suspect that you are faced with a phishing page. If you are, the URL may contain mistakes that are hard to spot at first glance, such as a 1 instead of I or 0 instead of O.

“Use a proven security solution (https://apo-opa.info/3EQxD1D) when surfing the web. Thanks to access to international threat intelligence sources, these solutions are capable of spotting and blocking spam and phishing campaigns.”