Email phishing attacks are especially popular over the festive season, partly because there’s an increase in email marketing and special offers linked to the holidays.
During the fourth quarter of 2014, for instance, the number of unique phishing attacks globally went up by 18% compared with the third quarter that year, according to the Anti-Phishing Working Group.
A total of 437 brands were targeted and 46,824 unique phishing websites were reported, the majority of them hosted in the US. The most-targeted industries for phishing attacks are retail/service, financial services and payment services.
It seems that during the Christmas period people are probably more likely to respond to these offers. They also appear willing to spend more money than usual. This creates a perfect opportunity for cyber criminals to hook their bait.
But what is phishing and why does it happen? And how can people guard against it?
Identity Theft
To begin with, it’s important to understand the practice that lies at the heart of phishing: identity theft. This is a form of fraud in which one person pretends to be someone else to illegitimately benefit at the victim’s expense.
Cyber criminals usually acquire the information that they need by stealing a wallet, going through mail, or dumpster diving. They also target organisations that are in possession of sensitive private information by stealing IDs, back-ups or documentation.
In the US in 2014 there was one new victim of identity theft every two seconds.
In South Africa, identity theft losses amount to more than R1 billion annually according to the Southern African Fraud Prevention Services. In 2014, 3600 cases were reported and it believes that more than 4000 cases would be reported by the end of 2015.
In the anonymous world of the internet, individuals are uniquely identified by account numbers and passwords which form the basis of online authentication.
Online identity theft happens when a victim’s online identity is stolen by cyber criminals and used for unauthorised purposes that cause financial losses to the victim. Email phishing attacks are an increasingly popular and sophisticated method that cyber criminals employ to get the information they require to commit online identity theft.
Phishing
Phishing is an online identity theft method in which spoofed emails are sent out to lure recipients through embedded hyperlinks to fraudulent websites. Here, cyber criminals attempt to trick online users into divulging personal financial data like passwords and account numbers.