The number of phishing messages hitting UK web users has tripled over the last year, with crooks targeting an average of 3,000 Brits every day, according to Kaspersky Lab.
The security firm revealed the alarming increase in its report, “The evolution of phishing attacks 2011-2013”, confirming that the spike in UK attack levels is indicative of a wider boom in cyber criminal activity.
“In 2012 to 2013, 102,100 users around the world were subjected to phishing attacks. That is double the number of victims in 2011 to 2012,” reads the report.
The report also revealed that the UK is one of the worst-hit countries, alongside the likes of Russia, the US and India, which suffered similar spikes in the number of phishing attacks targeting them.
“In Russia, 19,000 users were attacked each day, 12,000 in the US, 10,000 in India, 6,000 in Germany, 3,000 in France, and another 3,000 in the UK. During the previous year these numbers were much lower,” reads the report.
“Over the period from May 1, 2011, through April 30 2012, nearly 52,000 users around the world were subjected to phishing attacks daily. On average, 12,000 users were attacked in Russia, 5,000 in the US, 4,000 in India, 3,000 in Germany, 2,000 in France, and 1,000 users in the UK.”
Kaspersky said the phishing attacks are also getting more sophisticated, with only 12 percent of the attacks targeting the UK being traditional email messages. The remaining 88 percent targeted web users with links to phishing pages and messages on social network and messaging services like Twitter, Facebook and Skype.
The security vendor also detected an evolution in the social engineering tactics used to dupe web users into clicking on the infected URLs or downloading the malicious documents, with many messages masquerading as communications from legitimate big-name companies.
“In total, 30 percent of all identified phishing links led to webpages mentioning Yahoo, Facebook, Google, and Amazon. The next most common targets included banks and other financial organisations, representing 20.64 percent of all identified attacks,” read the report.
Worse still, Kaspersky said the attacks are becoming increasingly focused, with the crooks now tailoring their scams to target specific companies. “Over the last year, Kaspersky Security Network has identified 1,739 unique targets, which is 250 more than in the previous year. This time, as expected, targets included social networks, search engines and email services, telecom companies, e-payment services, banks, and other credit and financial institutions,” it said.
Kaspersky said the increased use of phishing attacks is indicative of a failure by most companies to secure their networks, which makes it easy and profitable for the crooks to keep using the basic technique. “The relative simplicity of setting up these types of attacks and the high probability of gaining some type of reward from a successful phishing ploy is attracting more and more malicious users to phishing,” it said.
The firm called for businesses to better educate their employees about how to spot phishing emails, warning that technology alone will not solve the problem. Kaspersky’s findings mirror those of Sophos director of technology James Lyne, who said during an interview with V3 that the lack of skilled professionals to tackle this issue is leaving the UK industry open to attack.