Kaspersky Lab says the number of anti-phishing component activations on computers of Australian users doubled in August, accounting for nearly a quarter (24.4%) of the world’s total phishing attacks.
Australia’s latest ranking has pushed Brazil (19.5%) down to second position. The UK (15.2%) and Canada (14.6%) came third and fourth respectively. August saw global phishing activity increase by 62%, with 32 million detections globally. Kaspersky attributes the growth to a seasonal decline in the demand for advertising spam.
“In August, we recorded a significant increase in the number of phishing attacks,” said Tatyana Shcherbakova, an anti-spam analyst at Kaspersky Lab.
“To keep making money cybercriminals have switched to other types of spam, including phishing scams. By faking messages from well-known services, social networks or financial organisations, phishers are able to significantly improve the chances of their spam being a successful.”
Yahoo was attacked often enough to displace Windows Live as one of the top three organisations attacked by phishers, ranking behind Facebook and Google. Overall, the US ranked first among source countries of spam distributed around the world, while the UK now leads the ranking based on the number of users targeted by spammers sending malicious attachments.
“Cybercriminals who distributed malicious attachments in spam messages again used fake Facebook notifications as a lure for users,” said Shcherbakova. “The spam messages indicated to users that the social networking site had been hacked, with the faux ‘developers’ asking users to install the utility attached in order to avoid problems in future.”
Instead of the promised utility, the ZIP archive attached to the message contained the Haze Trojan-Downloader, which is used by cybercriminals to download other malware, including code designed to steal personal data from the computer’s owner or send infected messages to all the addresses in the contact list.
Kaspersky Lab has cautioned users to be more vigilant against these types of attacks. “To avoid becoming a victim, remember these simple rules: check the sender address and be particularly careful with messages containing attachments. It’s better to contact the company directly than trust an email and lose your personal data,” Shcherbakova said.