According to a recent report, 2,023,501 phishing attacks in South Africa, Kenya, Egypt, Nigeria, Rwanda, and Ethiopia have been detected during the second quarter of 2020. These and other findings are documented in Kaspersky’s new spam and phishing in Q2 2020 report.
The analysis by Kaspersky has revealed that phishing attacks are becoming increasingly more targeted. Several new tricks have also been found - from HR dismissal emails to attacks disguised as delivery notifications.
“When summarising the results of the first quarter, we assumed that COVID-19 would be the main topic for spammers and phishers for the past few months. And it certainly happened. While there was the rare spam mailing sent out without mentioning the pandemic, phishers adapted their old schemes to make them relevant for the current news agenda, as well as come up with new tricks,” said Tatyana Sidorina, security expert at Kaspersky.
COVID-19 pandemic lockdowns
With the enforced COVID-19 pandemic lockdowns in some countries, this has meant more people are spending time online. As a result, it also makes sense that criminals would also increase their phishing attacks to target the increase in online activity.
Phishing is done on such a large scale by sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials.
Kaspersky reports that South African users were the number one victims: there were 616,666 phishing attacks detected in 3 months. It was followed by Kenya (514,361), Egypt (492,532), Nigeria (299,426), Rwanda (68,931), and Ethiopia (31,585).
Staying safe online
The following measures to protect themselves from phishing and other online attacks:
- Always check online addresses in unknown or unexpected messages, whether it is the web address of the site where you are being directed, the link address in a message and even the sender’s email address, to make sure they are genuine and that the link in the message doesn’t hide another hyperlink.
- If you are not sure that the website is genuine and secure, never enter your credentials. If you think that you may have entered your login and password on a fake page, immediately change your password and call your bank or another payment provider if you think your card details were compromised.
- Use a proper security solution with behavior-based anti-phishing technologies.