Phishing attacks doubled in 2022, exceeding 500 million

In 2022, Kaspersky's anti-phishing system prevented more than 500 million attempts to access fake websites, double the 2021 figures. Delivery services, messaging platforms (messengers) and cryptocurrency services were the most commonly exploited means of deceiving victims through phishing attacks. These are some of the findings found in Kaspersky's new Spam and Phishing 2022 report.

While spam and phishing attacks are not necessarily sophisticated from a technological point of view, their configuration is based on sophisticated social engineering tactics, making them extremely dangerous for those who cannot identify them. Scammers are able to create phishing websites that appear identical to the real thing, using them to extract sensitive information or to defraud individuals and businesses by extracting money from them. Kaspersky experts discovered that, throughout 2022, cybercriminals increasingly turned to phishing. In 2022, the company's anti-phishing system successfully blocked 507,851,735 attempts to access malicious content, double the number of attacks thwarted in 2021.

Users of delivery services were the most frequent victims of phishing attacks, accounting for 27.38% of all attempts thwarted. Fraudsters send fake emails pretending to be from well-known delivery companies and claiming there is a problem with a delivery. The email includes a link to a fake website, which asks for personal details or financial details. If the victim does not recognise the scam, they may unwittingly share their identification and banking details, which are then sold to dark web sites. Other popular targets of phishing attacks are online shops (15.56%), payment systems (10.39%) and banks (10.39%).

Kaspersky experts have also identified another strong trend in the phishing landscape for 2022: an increase in attacks via messenger apps, with the majority of blocked attempts coming from WhatsApp (82.71%), Telegram (14.12%) and Viber (3.17%).

Cybercriminals are increasingly targeting social media accounts, exploiting people's curiosity and need for privacy. They use tactics such as offering fake updates and verified account statements to convince users to share their login details.

In addition, according to experts, cybercriminals continue to exploit people's fears and concerns related to the pandemic, as well as using cryptocurrency scams to extract sensitive information. These scammers are exploiting people's fears and concerns to steal their sensitive information.

In order to avoid becoming a victim of spam or phishing scams, Kaspersky experts recommend the following:

• Only open emails and click on links if you are sure you can trust the sender.
  
• When a sender exists but the content of the message seems strange, it's worth running a verification check through an alternative channel of communication with the sender.
  
• Check the spelling of a website's URL if you suspect it is a phishing page. If so, the URL may contain errors that are difficult to spot at first glance, such as 1 instead of I or 0 instead of O.
  
• Use a proven security solution when surfing the web. Thanks to access to an international database of information about the threat landscape, these solutions are able to detect and block spam and phishing campaigns.