Today, network security company RSA launched its Q3 Fraud Report, a comprehensive look at the current cyber fraud environment and the current threats facing individuals and organisations.
In the third quarter of 2018, RSA detected 38,196 total fraud attacks worldwide. Phishing scams were the most prolific attack, accounting for 50% of all fraud attacks observed by the organisation, a 70% increase from Q2.
Phishing is the act of obtaining personal information such as usernames, passwords, and credit card details via some form of electronic communication such as email. It is one of the most prolific online fraud tactics developed over the past decade, fuelled by poor cybersecurity practices.
Despite an awareness of the risk of phishing, many individuals still fall for fraudulent attempts to gain information. According to the Verizon Data Breach Investigations Report, 30% of phishing messages get opened by users and 12% of those users click on the attachment or link.
This type of attack is particularly prevalent at this time of year, and it is not unusual to see a steep rise in the volume of phishing during the third quarter, with fraudsters looking to acquire new credential to commit fraud during Black Friday and Cyber Monday. RSA recovered nearly 5.5m compromised cards and card previews, as fraudsters look to take advantage of peak shopping times where there is a greater chance they will go undetected.
RSA found that Canada, the United States, and the Netherlands were the top three countries most targeted by phishing and represented 69% of total attack volume. Canada was the target of the majority of the attacks, representing a significant portion of global attacks at 52%.
However, Europe was found to be the target of the most costly fraud transactions, where the average value of a fraudulent transaction was $420.
A new way of phishing
Another type of scam the report warns about is vishing, or voice phishing, an attack where fraudsters attempt to trick victims into revealing credentials or other personal information.
Although vishing only accounts for around 1% of total phishing attacks, it remains a real threat due to its evolution through ‘SEO poisoning’- in which attackers create websites filled with fake contact information and use search engine optimisation tactics to make them rank highly in search results on sites such as Google.
Using this technique, fraudsters can get victims to call them or give up their information willingly over the internet without having to cold call.
Another vulnerability identified was rogue apps, apps that contain malware such as worms, spyware, Trojans and viruses. Some 9,329 rogue apps were detected in quarter three, accounting for one-quarter of all fraud attacks.
In fact, fraud from Fraud from mobile browsers and mobile applications in general is on the rise, and representing 73% of total fraud transactions this quarter. Year-over-year, fraud from mobile applications increased 27%.
Preventing phishing attacks
In response to the continued increase in phishing, vishing, and smishing attempts, the RSA has offered advice to consumers on how to stay vigilant.
It recommends that individuals are always aware when searching for contact numbers online, never reveal answers to security questions, PINs and passwords over the phone or email, even to what may appear to be a trustworthy organisation, and to contact their bank as soon as they suspect a scam may have taken place.