For the fourth year running, programs designed to steal users’ logins, passwords and other confidential data remain at the top of the list of the most widespread malware distributed by e-mail, according to Kaspersky Lab.
The Internet security experts summarised spammer activity for 2014:
* The proportion of spam in e-mail flows was 66.8% in 2014, which is 2.8 percentage points lower than the previous year.
* The reduced level of spam e-mails is explained by the fact that the advertising of legal goods and services is migrating to more effective legal platforms.
* The biggest source of spam was the USA (16.7%).
* 42.6% of phishing attacks targeted global portals that integrate many services accessed via a single account.
* The country with the highest proportion of users targeted by phishers, meanwhile, was Brazil, where 27.5% of all Kaspersky Lab users in the country faced an attack. Australia was second with 23.8%, and India and France were close behind on 23% each.
* The Top 3 organisations whose brand identities were most often used in phishing attacks were Yahoo! with 23.3%, Facebook with 10% and Google with 8.7% of the attacks.
Mobile spam:
Spam mailings imitating e-mails sent from mobile devices are becoming very popular. Kaspersky Lab found e-mails like this in several languages. They were found on iPad, iPhone, Samsung Galaxy and other models. These messages had one thing in common – a very short (or non-existent) text and a signature reading, for example, “Sent from my iPhone”. Typically, they contain links to malicious attachments.
Generally, spam mass mailings imitate notifications from different mobile applications such as WhatsApp and Viber. Users are familiar with the synchronisation of cross-platform apps, the synchronisation of contact data between apps, and the various notifications these apps send. As a result, many mobile device owners don’t think twice about an e-mail saying that something has arrived on their mobile messenger. But this is a mistake: these mobile applications are not connected to the user’s e-mail account, so such e-mails are obviously fake.
“Fake bank notifications are among the most common types of malicious spam or phishing attacks. Recently, we have seen noticeable changes in the structure of some phishing e-mails. In 2014, spammers began to complicate the design of fake messages by adding more links to official resources and services of the organisations from which they claim to be sending their bogus notifications. Obviously, the attackers hope that an email with a few legitimate links would be recognised as legitimate by users and spam filters alike. Meanwhile, the email contains a single fraudulent link that either redirects users to a phishing site or downloads a malicious archive”, said Maria Vergelis, Spam Analyst at Kaspersky Lab.
The three countries that produced the most spam mass mailings were the USA (16.7%), Russia (5.9%) and China (5.5%).