Phishing Accounts for One Third of the Total Number of Incidents
June 30, 2016
Phishing is the most reported type of cybercrime in Latin America and the Caribbean, informed Graciela Martinez, Head of LACNIC’s Warning Advice and Reporting Point (WARP).
Numbers show that 32.8% of incidents handled by LACNIC WARP in the past year were cases of personal data and financial credential theft.
Martinez attended the latest meeting of the Anti-Phishing Working Group, a cross-industry coalition seeking to unify global response to cybercrime with a focus on phishing attacks, in representation of LACNIC WARP.
The expert noted that phishing is a criminal activity which employs technical expertise and social engineering to steal an Internet user’s personal data.
(Free access, no subscription required)
“LACNIC WARP numbers show that phishing incidents are among the most reported types of security incidents,” Martinez told LACNIC News.
While we have recently witness a drop in new cases of phishing, the amount of money involved in this type of fraud has increased in Latin America and the Caribbean.
The same phisher can attack several organizations at once, using different links for different organizations; ultimately, however, they are all redirected to the same server hosting the phishing site.
“LACNIC WARP numbers show that phishing incidents are among the most reported types of security incidents,” Martinez told LACNIC News.
While we have recently witness a drop in new cases of phishing, the amount of money involved in this type of fraud has increased in Latin America and the Caribbean.
The same phisher can attack several organizations at once, using different links for different organizations; ultimately, however, they are all redirected to the same server hosting the phishing site.
Martinez explained that these attacks can also involve different patterns, such as the same gTLD (“.uy” or “.ru”), different URLs that redirect to the same fraudulent website, or a fraudulent URL that leads to a website slightly different from the original.
Phishers take advantage of the fact that most Internet users are not aware of the safety precautions they should consider when entering a private access website. In many cases, cybercriminals use the same resources as the website being targeted (e.g., the same bank logo), which makes it more difficult for a user to detect malicious activity and increases the attacker’s chances of success.
Martinez mentioned that phishing typically starts via an email message, particularly when a bank is targeted. Requests to update Apple user accounts have also been detected. This type of phishing seeks to obtain access to the victims’ iCloud accounts in order to obtain the access credentials stored in users’ files, such as their phone backup.
Last year, a new type of phishing started to gain momentum: infecting devices with a malicious application that encrypts all the information stored on the user’s disk. The cybercriminal then asks the owner of the device to pay ransom in exchange for the decryption key needed to recover the information. Victims are usually required to pay this ransom in bitcoins, a virtual currency the very nature of which makes it difficult to trace the crime.
Tips. Martinez provided a series of recommendations to help avoid becoming the victim of an online criminal attack:
If you receive a suspicious email or a message from an unknown source, do not open any attachments and do not click on any links it may contain.
If you have doubts regarding a specific link, type the URL of the website you trust and want to access directly in your browser window.
Always check that the URL of the websites to which you are redirected match the original domain.
Avoid visiting unreliable websites and ignore pop-up windows prompting you to enter personal data.
Do not share your access credentials.
Change your passwords frequently and avoid reusing the same password for different systems.
Install an antivirus software and keep it up to date.
Consider using spam filters.
Before using external devices on your computer, run a security check with your antivirus software.
Regularly back up your data.
If you fall victim to online fraud, report the problem immediately to the organization involved and to the corresponding computer security incident response center.
