Avast has published the results of its survey conducted among Russian users. According to the data obtained, 42% of Russians have faced phishing attacks. At the same time, 27% of users became victims of such attacks, and slightly more than a third (35%) could not give an exact answer.
Two-thirds of respondents who were subjected to a phishing attack suffered while dealing with personal issues, one third – solving work tasks.
During the survey, Russians were asked if they had encountered the following types of phishing:
Phishing by email: Emails that look like they were sent from legitimate addresses of a reputable organization (which makes them difficult to recognize), but actually contain a malicious link or attachment.
Phishing sites: Pages that look just like regular sites, but are designed to steal information or download malware to visitors.
Phone phishing: The attacker calls the victim and convinces him to take the desired action on his computer, for example, refuse personal or confidential information, grant the fraudster access to the system or account, or send money.
Smishing: SMS phishing –– SMS or messages in WhatsApp and other messengers. In them, attackers can report that the victim allegedly won a smartphone (or something else), and then they will try to gain control over their account (WhatsApp, for example), convincing them to provide them with the confirmation code required to log into the account, or by sending a malicious a link that leads to either malware or a malicious site.
Physical phishing: A fraudster pretends to be someone who he is not, for example, a police officer, administration or building maintenance personnel in order to gain access to closed areas or deceive people and get money or information.
The survey has shown that in Russia, people most often encountered telephone phishing.
|Phishing type||How many people collided||How many people have suffered|
|Phishing by email||52%||34%|
|Phishing by phone||56%||37%|
|Smishing (phishing by SMS)||50%||31%|
“Attackers today can carry out phishing attacks through a variety of channels, so it is important that people know about them and the current patterns. From January to September 2020, Avast defended an average of 2,770 out of 100,000 Russians from phishing attacks every month, '' says Alexey Fedorov, head of Avast's representative office in Russia and the CIS.
The consequences of phishing
Among Russians who became victims of phishing attacks, just over a quarter (27%) said they had to change their account passwords, 13% said that their money had been stolen, and 11% had their personal data stolen. 11% of victims had to cancel their credit or debit cards.
Of those who suffered financial losses, 43% lost up to 3,500 rubles, every fifth (20%) lost from 3,500 to 6,999 rubles, 11% lost from 7,000 to 13,999 rubles, 5% – from 14,000 to 20,999 rubles, and one out of five (20%) more than 21,000 rubles.
“Social engineering is used in phishing attacks to trick people into doing what cybercriminals want. Attackers affect the behavior and psyche of the victim, since it is easier to deceive a person than to hack the system, – says Tatiana Shemyakina, psychologist, expert in social psychology. – Scammers play with people's emotions, use fear, put pressure on the victim. They can scare them with urgency, make them nervous, nervous, or tell them they need charitable donations. "
Victims do not report most phishing attacks
Interestingly, three out of five (61%) Russian phishing victims did not report the fraud to anyone. The main reasons people do not report such incidents are: think that the attack is not worth the trouble (30%), do not know who to report it to (29%), are confident that nothing will happen if they report (29%) believe that the information they received is worthless (23%).
Of the phishing victims who reported the attack, almost half (49%) reported fraud to the police, 43% to the company the attacker was pretending to be an employee of, and 26% told their colleagues about the incident.