WASHINGTON – Cases of the insidious online scamming technique known as “phishing,” in which false sites and addresses are used to trick people into giving up personal information or installing malware, grew 87 percent worldwide over the past year, a security firm said Friday.
The schemes affected some 37.3 million people in the 12 months to April 30, according to a report by Russian-based security firm Kaspersky.
“The number of fraudulent websites and servers used in attacks has more than tripled since 2012, and more than 50 percent of the total number of individual targets were fake copies of the websites of banks and other credit and financial organizations,” Kaspersky said.
The attackers often use email purportedly sent from established organizations, such as Yahoo, Google, Facebook and Amazon, it said.
Online game services, online payment systems, and the websites of banks and other credit and financial organizations are also commonly used to disguise phishing attempts.
Kaspersky said phishing has become the preferred method of cybercriminals.
“Although the specific targets of phishing attacks vary, the end goal of all malicious users engaged in this type of malicious activity is ultimately the same: to make money illegally,” it said. “This goal is achieved either by directly stealing cash from the victim, as in the case with fake online banking service pages, online storefronts, and subscriptions to online games.”
But attacks may also employ a more indirect approach, including the sale of stolen databases on the black market.
“A large collection of user data may come in handy for malicious users for a number of different fraudulent schemes involving spam mailings and the spread of malware,” it said.
The countries most often hit by phishing attacks were Russia, the United States, India, Vietnam and the Britain.