In 2023, Kaspersky anti-phishing technologies detected nearly 75,000 attempts to follow a phishing link on businesses’ devices in India. Interestingly, this number only refers to phishing links related to finance matters – e-commerce, banking, and payment systems.
Phishing persuades users to take action which gives a scammer access to your device, accounts, or personal information. By pretending to be a person or organisation the users trust, they can more easily infect the victim with malware or steal their information.
These social engineering schemes “bait” with trust to get valuable information. This could be anything from a social media login, to your entire identity via your social security number. These schemes may urge the user to open an attachment, follow a link, fill out a form, or reply with personal information.
“Financial phishing” is a type of phishing which refers to fraudulent resources related to banking, payment systems and digital shops. Payment system phishing includes pages impersonating well-known payment brands.
“Phishing attacks are becoming more advanced in their exploitation of social engineering techniques. Financial phishing messages usually take the form of fake notifications from banks, providers, e-pay systems and other organisations. The notification will try to encourage a recipient, for one reason or another, to urgently enter/update their personal data. The scammers usually use the fear technique to convince the users to share their confidential financial and personal data by providing a seemingly important reason. Such messages usually contain threats to block an account if a recipient does not fulfil the requirements therein. For instance, “if you do not provide your personal data by the end of the week, your account will be blocked.” These kinds of messages generally push the recipients to act and should be considered as a red flag before taking any action,” explains Jaydeep Singh, General Manager for South Asia at Kaspersky.
From January to December last year, Kaspersky solutions detected and blocked a total of 74,994 financial phishing attempts targeting companies of various sizes within India. The statistics reflect clicks on phishing links placed in various communication channels, including emails, fraudulent web sites, messengers, social media, etc.
“With the rise of generative AI, it becomes easier for cybercriminals to create more convincing phishing messages, making financial phishing more prevalent. Threat groups also use these tactics to deceive employees and then crack into the corporate networks. Our recent study even showed 1 in 4 (24%) cyber-incidents against businesses in India were due to employees intentionally violating security protocol. Tools to help safeguard against human error are a vital step forward, but they can’t exclude employee education, skills development, and overall strengthening of the company’s ability to detect and respond to cyberattacks,” he adds.