During the fourth quarter of 2014, for instance, the number of unique phishing attacks globally went up by 18% compared with the third quarter that year, according to the Anti-Phishing Working Group.
A total of 437 brands were targeted and 46,824 unique phishing websites were reported, the majority of them hosted in the US. The most-targeted industries for phishing attacks are retail/service, financial services and payment services.
It seems that during the Christmas period people are probably more likely to respond to these offers. They also appear willing to spend more money than usual. This creates a perfect opportunity for cyber criminals to hook their bait.
But what is phishing and why does it happen? And how can people guard against it?
To begin with, it’s important to understand the practice that lies at the heart of phishing: identity theft. This is a form of fraud in which one person pretends to be someone else to illegitimately benefit at the victim’s expense.
Cyber criminals usually acquire the information that they need by stealing a wallet, going through mail, or dumpster diving. They also target organisations that are in possession of sensitive private information by stealing IDs, back-ups or documentation.
In the US in 2014 there was one new victim of identity theft every two seconds.
In South Africa, identity theft losses amount to more than R1 billion annually, according to the Southern African Fraud Prevention Services. In 2014, 3600 cases were reported, and the organisation expects more than 4000 cases to be reported by the end of 2015.
In the anonymous world of the internet, individuals are uniquely identified by account numbers and passwords which form the basis of online authentication.
Online identity theft happens when a victim’s online identity is stolen by cyber criminals and used for unauthorised purposes that cause financial losses to the victim. Email phishing attacks are an increasingly popular and sophisticated method that cyber criminals employ to get the information they require to commit online identity theft.
Phishing is an online identity theft method in which spoofed emails are sent out to lure recipients through embedded hyperlinks to fraudulent websites. Here, cyber criminals attempt to trick online users into divulging personal financial data like passwords and account numbers.
Initially, phishing emails and the associated bogus websites were mostly disguised as coming from financial services institutions. These were easily identifiable because of poor language and grammar or unconvincing copies of websites.
But this is no longer the case. As users grew more sophisticated, so too did cyber criminals. In recent years they have begun targeting a wider set of industries, using more authentic looking emails and websites.
A Possible Solution?
Well-planned phishing websites fool more than 90% of respondents, while 23% do not notice browser-based security warnings and indicators and 15% ignore these warnings, according to a Harvard University study. Researchers found no correlation between victims’ vulnerability and their gender, age, education levels or computer experience.
Keeping yourself abreast of phishing trends is useful. Research recommends these anti-phishing measures as first steps to protect your online privacy:
be cautious with emails and confidential information;
look for indications that browsers and websites are secure and legitimate;
employ available security measures; and
keep in mind that when an offer appears too good to be true, it probably is.
We are doing new research to find out how people view the threat of phishing and what steps they take to avoid phishing. The information will help us find ways to improve online security.
Whether you think you’re vulnerable to phishing, believe you’re well protected or genuinely have no idea, you can contribute to this research by clicking here to complete the survey.
Rika Butler, Associate Professor in Auditing at the School of Accountancy, Stellenbosch University and Martin Butler, Senior Lecturer in Business Management and Administration, Stellenbosch University