By Omobayo Azeez
Africans faced a double whammy in the second quarter of 2020 as they were confronted by cyber-attacks and the coronavirus (COVID-19) pandemic within the period.
The latest report by Kaspersky shows no fewer than two million people suffered from phishing attacks within the period as it detected exactly 2,023,501 phishing attacks in South Africa, Kenya, Egypt, Nigeria, Rwanda and Ethiopia.
It said a number of new tricks have also been found – from HR dismissal emails to attacks disguised as delivery notifications.
The report noted that phishing is one of the oldest and most flexible types of social engineering attacks.
The report read: “They are used in many ways, and for different purposes, to lure unwary users to the site and trick them into entering personal information.
“The latter often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts. In the wrong hands, this opens doors to various malicious operations, such as money being stolen or corporate networks being compromised. This makes phishing a popular initial infection method.
”South African users have been influenced the most by this type of threat: there were 616,666 phishing attacks detected in 3 months. It was followed by Kenya (514,361), Egypt (492,532), Nigeria (299,426), Rwanda (68,931) and Ethiopia (31,585).”
Kaspersky further described phishing as a strong attack method because it is done at such a large scale.
“By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials. The first six months of 2020, however, have shown a new aspect to this well-known form of attack,” the company added.
The latest findings also indicated that phishers increasingly performed targeted attacks, with most of their focus on small companies.
To attract attention, it found that fraudsters forged emails and websites from organisations whose products or services could be purchased by potential victims.
“In the process of making these fake assets, fraudsters often did not even try to make the site appear authentic.
“Such targeted phishing attacks can have serious consequences. Once a fraudster has gained access to an employee’s mailbox, they can use it to carry out further attacks on the company the employee works for, the rest of its staff, or even its contractors,” the report showed.
The firm also realized that the attackers are capitalizing on services that are more required during the pandemic era to create victims among people.
“The new agenda, following the COVID-19 outbreak, has already influenced the “excuses” fraudsters use when asking for personal information.”
This included disguising their communications with unsuspecting users as delivery services, postal services, financial services, human resources services, among other most sought after services during the pandemic era.