Phishing and scams/social engineering, which are attacks related to data loss threats, rose significantly in Africa in the second quarter of 2022 as a total of 10,722,886 phishing attacks were detected, with Kenya, South Africa, and Nigeria emerging the hardest hit countries.
During the period under review, Kaspersky’s security solutions detected 5,098,534 phishing attacks in Kenya, a 438 percent increase compared to the previous quarter and the highest of any African country.
This was followed by South Africa with a total of 4,578,216 attacks, 144 percent higher than the previous quarter.
In a similar upward trend,, a total of 1,046,136 detections were recorded for Nigeria at a growth of 174 percent above the level recorded in the first quarter of 2022.
The anti-virus provider noted that social engineering, also called “human hacking” scams, are used in many ways, and for different purposes, to lure unsuspecting users to a site and then trick them into entering personal information. The latter, it observed, often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts.
“In the wrong hands, this opens doors to various malicious operations, such as money being stolen, or corporate networks being compromised,” the company explained.
Kaspersky also described phishing as a strong attack method especially since it is done at a large scale.
“By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials,” it noted.
Kaspersky researchers further observed that phishers deploy a variety of tricks to bypass email blocking and lure as many users as possible to their fraudulent sites. They employ a common technique that involves the application of HyperText Markup Language (HTML) attachments with partially or fully obfuscated code. The HTML files enable the attackers to use scripts, obfuscate malicious content to make it harder to detect, and send phishing pages as attachments instead of links.
Kaspersky said such attacks are totally preventable, urging users to be sceptical about overly generous offers which, oftentimes, serve as bait.
“If an offer seems too good to be true, it probably is,” said Mikhail Sytnik, a security expert at Kaspersky.
To protect against phishing and scams, Kaspersky experts highlighted the following recommendations:
-Carefully looking at the address bar before entering any sensitive information, such as login details and password. By doing this, a user is able to detect if something is wrong with the URL such as a spelling error which doesn’t look like the original or if it uses some special symbols instead of letters. When in doubt, users are advised to check the certificate of the site by clicking on the lock icon to the left of the URL.
-Not clicking on links that come from unknown sources, either through emails, messaging apps or social networks
-Using a good security solution such as Kaspersky Total Security, which protects against spam emails and phishing attacks.