RSA Q3 2018 Analysis Shows Huge Increase in Phishing Attacks

RSA, a computer and network security organisation based in the USA, has released its security analysis for Q3 2018. The analysis shows that the number of phishing attacks has increased by 70% between Q3 and Q2 2018. The report also stated that 50% of all fraud incidents experience by organisations come in the form of phishing attacks. 

Phishing is a form of fraud in which the criminal attempts to obtain sensitive information by pretending to be a trustworthy entity. These types of attacks are most commonly made over email. The emails are often easy to mistake for legitimate emails; they will have logos of actual organisations, and use convincing formatting and language. When directed to the fake website through the malicious email, the victim of the scam is asked to input their login details as normal. When targeting organisations, phishes will often trick individual employees in this manner to harvest their login details and then gain access to the organisation’s network. From here, they can install malware, perform a ransomware attack, or simply steal sensitive information to then sell on the black market. 

According to research conducted by Verizon, 12% of users click hyperlinks in phishing emails. This is a particular problem for large organisations with many employees, as it greatly increases their chances of suffering an attack.

Many people are now aware of the “basic” phishing attack sent over email. These emails are easily spotted as people know to look for signs such as poor grammar and suspicious links. This has caused hackers to increase the sophistication of their emails, as complex attacks have a higher chance of success. The huge increase in the number of phishing attacks may be due to people looking for the signs of a “traditional” attack, while not inspecting more legitimate-looking emails thoroughly. It is vital that employees are trained to treat all emails with some level of suspicion, and that phishing attacks have evolved a great deal since the early days of the practice. 

RSA notes that the majority of phishing attacks are conducted in the United States, Canada, and the Netherlands, which account for 69% of all attacks.

RSA has also drawn attention to a specific variant of phishing called vishing. Rather than using email, vishing attacks occur over the phone. A classic example involves a scammer pretending to be from the target’s bank. While the call is unsolicited, the scammer pretends that there is a security issue that needs to be resolved and requests sensitive information such as bank account information, passwords, and security questions and answers. Vishing accounts for 1% of all fraud attempts although it is a serious threat.

A new variant of vishing has even greater potential to achieve the desired result. Rather than the attacker calling a target, the attacks work in reverse with consumers calling the scammer. This is being achieved through search engine poisoning. Malicious websites are listed in the organic search engine results, and unsuspecting victims are fooled into thinking that they are legitimate sites. Other variants include false information posted on social media sites and help forums.

Approximately 14% of fraud attacks involve “brand abuse”, or the use of misleading posts on social media that spoof a well-known brand. 12% of fraud attacks involved Trojan horses – malware which is installed under false pretences. Once installed, the malware harvests sensitive information such as banking credentials. 2% of fraud attacks involve the use of rogue mobile apps. 9,329 rogue mobile applications were identified by RSA in Q3, 2018.

The report has shown that fraud through mobile browsers accounted for the majority of fraud transactions (73%) in Q3 – an increase of 27% since this time last year. 

The increase in the number of phishing attempts has been noted in other cybersecurity reports, including the Protenus Breach Barometer Report Q3 2018 and Beazley’s Breach Insight Report Q3 2018.