Attackers continue to use phishing and spam as a primary way to steal credentials from unwary users, with emails carrying links to more than 5.6 million phishing sites and laden with 36 million malware attachments, new data shows.

Software security firm Kaspersky’s new quarterly review of spam and phishing data found that the most popular subjects in the emails included a variety of sports — including the delayed Euro 2020 soccer tournament and the Tokyo Olympics — and video games, with popular schemes including support scams, which aim to get victims to call with credit-card information, and COVID-19 scams, which aim to collect sensitive information on victims. 

Overall, spam accounted for 45% of global email traffic, down 1% from the previous quarter and roughly even with Q1 2021. The messages usually redirected recipients to phishing sites for major brands or, in another popular tactic, used a purported charge on a major brand’s site to scare users into calling support, stated Tatyana Scherbakova, a senior Web analyst at Kaspersky, in the quarterly report.

“Emails inviting the recipient to contact support continue to be spam regulars. If previously they were dominated by IT topics … recently we have seen a rise in the number of emails talking about unexpected purchases, bank card transactions or account deactivation requests,” she said. “Most likely, the change of subject matter is an attempt to reach a wider audience: messages about unintentional spending and the risk of losing an account can frighten users more than abstract technical problems.”

Phishing and spam remain the most common online attack encountered by companies, with 87% of security professionals saying their companies regularly detect such attacks, compared with the second most-common attack type, common viruses, which 75% of companies regularly detect, according to a Dark Reading survey of technology and cybersecurity professionals.

Attackers continue to switch up their tactics. In September, a phishing campaign used a legitimate domain to sneak past the domain reputation used by many security applications as a first line of defense. The phishing attack landed in 75,000 inboxes in a campaign that aimed to steal corporate credentials. In June, security firm Agari found that half of compromised credentials are typically verified within the first 12 hours.

“Once entered, account details are forwarded to the cybercriminals, completely bypassing malware detection software,” stated Crane Hassold, senior director of threat research at Agari, in a blog post. “From there, those criminals can do what they want — often for years and without being detected. And now with enterprise migration toward cloud-based email and services, credential phishing is more popular than ever.”

In its quarterly report, Kaspersky noted that global Internet portals and online stores are the brand categories most often used as phishing bait, each accounting for almost 21%. The third most-common brands come from the banking industry, which accounted for 12%.

Russia Leads in Spam
Among countries, Russia is the largest source of spam, accounting for 25% of all traffic, while Germany accounts for 14%, China for 10% and the United States for 9%. The top targeted country for phishing and spam is Spain, which is targeted by almost 10% of all malicious messages, while Russia accounted for 7%, and Italy for about 5%, according to Kaspersky’s quarterly report.

The credential-stealing Agensla Trojan accounted for 10% of all malware detected, jumping by 3 percentage points from the previous quarter. The other top malicious attachments included Badun spyware at 7%, the Noon spyware at 5%, and the Taskun malware at 4%.

Among popular targets are sporting events, with some phishing attacks promising “free live broadcasts,” but then attempting to charge a subscription for a phantom service. Sports video games — especially football (or what the United States refers to as soccer) — is also a popular target of phishing attacks, which promise a bonus from major game makers but are really an attempt to steal account credentials.

Support spam continues to be popular. Among the most common are email messages that purport to be notices of a significant charge to a credit card from a known vendor to convince the recipient to call a fake support number.