In 2012–2013, phishers launched attacks affecting an average of 102,100 people worldwide each day – twice as many as in 2011–2012. The number of unique attack sources – such as fraudulent websites and servers – has more than tripled from 2012–2013.

Kaspersky’s research also shows that what was once a subset of spam has evolved into a rapidly growing cyberthreat in its own right. Phishing is technically a form of Iinternet fraud in which criminals create a fake copy of a popular site (an email service, an internet banking website, a social networking site, etc.) and try to lure users to these rogue web pages to enter credentials, which are then employed to steal users’ money, compromise other accounts, or distribute spam and malware.

Phishing is seen as being synonymous with malicious bad links sent by email, but that’s no longer the most common delivery mechanism for the attacks. In fact, only 12% of all registered phishing attacks globally launched via spam mailings. The other 88% of cases came from links to phishing pages that people followed while using a web browser, a messaging system (Skype, etc.) or otherwise interacting with a computing device – for example, for social networking.

“For a long time, phishing was regarded as a variation of typical spam emails,” the firm noted in a statement. “However, the data from this report confirms that the scale of phishing attacks has reached such a significant level that they should be regarded as a dangerous threat category of their own, not merely an offshoot of general spam.”

When it comes to geography, these attacks most often target users in Russia, the US, India, Vietnam and the UK. And, Vietnam, the US, India and Germany have the greatest number of attacked users – the total number of attacks in these regions has doubled since last year.



The majority of the servers hosting phishing pages were registered in the US, the UK, Germany, Russia and India. More than half (56%) of all identified unique attack sources globally were found in just 10 countries, which means the attackers have a small set of preferred home bases to launch their attacks on.



Kaspersky also found that phishers have preferred targets, too: The services of Yahoo!, Google, Facebook and Amazon were most often attacked by phishers globally. Almost a third (30%) of all registered incidents involved fake versions of their sites.

More than 20% of all phishing attacks globally mimicked banks and other financial organizations. The top 10 sites targeted in the UK include BT, PayPal and one of the most prominent British financial conglomerates.



“The volume and variety of phishing attacks detected during the analysis indicates that phishing is not merely one tool among many for the illegal enrichment of fraudsters, but represents a significant and visible threat,” said Nikita Shvetsov, deputy CTO of research at Kaspersky. “These attacks are relatively simple to organize and are demonstrably effective, attracting an increasing number of cybercriminals to this type of illegal activity. The volume of phishing attacks, which according to Kaspersky Security Network nearly doubled in a single year, confirms this trend.”