Phishing and Spam Lures Feature Sports, Aim to Steal Credentials

Spam volume declined slightly in the third quarter, but attackers sent almost 36 million malicious email attachments, up 5% from the previous quarter, one security firm says.

Figure: Sources of malware by country (red is more, green is less). Source: Kaspersky's "Spam and phishing in Q3 2021"

Attackers continue to use phishing and spam as a primary way to steal credentials from unwary users, with emails carrying links to more than 5.6 million phishing sites and laden with 36 million malware attachments, new data shows.

Software security firm Kaspersky's new quarterly review of spam and phishing data found that the most popular subjects in the emails included a variety of sports — including the delayed Euro 2020 soccer tournament and the Tokyo Olympics — and video games, with popular schemes including support scams, which aim to get victims to call with credit-card information, and COVID-19 scams, which aim to collect sensitive information on victims. 

Overall, spam accounted for 45% of global email traffic, down 1% from the previous quarter and roughly even with Q1 2021. The messages usually redirected recipients to phishing sites for major brands or, in another popular tactic, used a purported charge on a major brand's site to scare users into calling support, stated Tatyana Scherbakova, a senior Web analyst at Kaspersky, in the quarterly report.

"Emails inviting the recipient to contact support continue to be spam regulars. If previously they were dominated by IT topics ... recently we have seen a rise in the number of emails talking about unexpected purchases, bank card transactions or account deactivation requests," she said. "Most likely, the change of subject matter is an attempt to reach a wider audience: messages about unintentional spending and the risk of losing an account can frighten users more than abstract technical problems."

Phishing and spam remain the most common online attack encountered by companies, with 87% of security professionals saying their companies regularly detect such attacks, compared with the second most-common attack type, common viruses, which 75% of companies regularly detect, according to a Dark Reading survey of technology and cybersecurity professionals.

Attackers continue to switch up their tactics. In September, a phishing campaign used a legitimate domain to sneak past the domain-reputation checks that many security applications use as a first line of defense. The phishing attack landed in 75,000 inboxes in a campaign that aimed to steal corporate credentials. In June, security firm Agari found that half of compromised credentials are typically verified within the first 12 hours.

"Once entered, account details are forwarded to the cybercriminals, completely bypassing malware detection software," stated Crane Hassold, senior director of threat research at Agari, in a blog post. "From there, those criminals can do what they want — often for years and without being detected. And now with enterprise migration toward cloud-based email and services, credential phishing is more popular than ever."

In its quarterly report, Kaspersky noted that global Internet portals and online stores are the brand categories most often used as phishing bait, each accounting for almost 21%. The third most-common brands come from the banking industry, which accounted for 12%.

Russia Leads in Spam
Among countries, Russia is the largest source of spam, accounting for 25% of all traffic, while Germany accounts for 14%, China for 10% and the United States for 9%. The top targeted country for phishing and spam is Spain, which is targeted by almost 10% of all malicious messages, while Russia accounted for 7%, and Italy for about 5%, according to Kaspersky's quarterly report.

The credential-stealing Agensla Trojan accounted for 10% of all malware detected, jumping by 3 percentage points from the previous quarter. The other top malicious attachments included Badun spyware at 7%, the Noon spyware at 5%, and the Taskun malware at 4%.

Among popular targets are sporting events, with some phishing attacks promising "free live broadcasts," but then attempting to charge a subscription for a phantom service. Sports video games — especially football (or what the United States refers to as soccer) — are also a popular target of phishing attacks, which promise a bonus from major game makers but are really an attempt to steal account credentials.

Support spam continues to be popular. Among the most common are email messages that purport to be notices of a significant charge to a credit card from a known vendor to convince the recipient to call a fake support number.

About the Author(s)

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.
