Facebook users were also heavily targeted, with 3.7 million phishing attempts recorded, amazon users weren’t far behind, with 3 million attempts detected
A recent analysis by cybersecurity researchers at Kaspersky has revealed a significant increase in password-stealing attacks, with a particular focus on users of Google, Amazon, and Facebook. These platforms, widely used and trusted by millions, have become prime targets for cybercriminals due to the vast amount of personal and financial information they contain.
The appeal of hacking into accounts on these platforms is clear. Google accounts, for example, serve as a gateway to various other services and personal data, making them highly attractive to attackers. “This year has seen a significant increase in phishing attempts targeting Google,” said Olga Svistunova, a security expert at Kaspersky. She highlighted that gaining access to a Gmail account can potentially unlock a range of other services, making it a “prime target.”
In the first half of 2024 alone, Kaspersky recorded approximately 26 million attempts to access malicious sites posing as popular global brands. This marks a 40% increase from the same period in 2023. Among these, Google users faced the most significant surge, with phishing attempts increasing by 243%. Kaspersky’s security solutions blocked around 4 million such attempts during this period.
Facebook users were also heavily targeted, with 3.7 million phishing attempts recorded. Amazon users weren’t far behind, with 3 million attempts detected. Other brands frequently targeted in phishing attacks included Microsoft, DHL, PayPal, Mastercard, Apple, Netflix, and Instagram.
While Google topped the list of targets, Microsoft has seen a notable rise in a specific phishing technique: QR code phishing. According to Jan Michael Alcantara, a threat research engineer at Netskope, there has been a “2,000-fold increase in traffic to phishing pages delivered through Microsoft Sway” in July 2024 alone. These attacks often involve QR codes that, when scanned, redirect users to malicious sites designed to steal Microsoft Office credentials.
This method leverages the fact that users are already logged into their Microsoft 365 accounts, adding a layer of legitimacy to the phishing attempt. Attackers use various techniques to avoid detection, including CAPTCHA tests and substituting legitimate URLs with phishing ones in real-time.
A newer variant of QR code phishing, known as Unicode QR code phishing, has also emerged. This technique, as detailed by J Stephen Kowski, field chief technology officer at SlashNext, uses QR codes crafted from Unicode text characters rather than images. This approach complicates detection, as it evades traditional image analysis tools and creates challenges for both screen rendering and text recognition.
Despite the rise in phishing attacks, the researchers emphasize that this surge is due to an increase in fraudulent activity, not a lack of vigilance among users. To protect against these threats, users are encouraged to stay informed about the latest phishing techniques and report any suspicious activity. Major platforms like Google, Facebook, Amazon, and Microsoft offer resources online to help users recognize and avoid phishing attempts.
The landscape of cyber threats is continuously evolving, and staying vigilant is more important than ever. By understanding the tactics used by cybercriminals and taking appropriate precautions, users can better protect their accounts and personal information from being compromised.
