AhnLab 2nd quarter phishing email statistics analysis… “Deceived by Consumption History”
Be cautious of ‘script files’ executed by fake sites and hidden compressed files containing malicious code,
(Provided by AhnLab),
,
, “(Seoul=News1) Reporter Yoon Ju-young = Statistics show that attackers attempting phishing via email often deceive the public using expressions such as ‘payment·purchase’, ‘delivery·logistics’, and ‘notice·announcement’. They disguise malicious code-containing attachments as notifications of consumption history, tricking users into opening them.”,
,
, ‘AhnLab (053800) released a report analyzing phishing emails collected in the second quarter of this year on the 14th. However, the total number of collected cases is undisclosed.’,
,
, ‘27.7% of all phishing emails used ‘payment·purchase’ as a keyword, followed by ‘delivery·logistics’ at 20.6%. Attackers also used words related to transportation, customs, or even impersonated well-known logistics companies.’,
,
, ‘AhnLab cautioned users, stating, “It appears that the recent trend of overseas direct purchases through Chinese e-commerce platforms has been targeted.”‘,
,
, ‘Impersonation of ‘notice·announcement’ accounted for 8.7% and ranked third in keywords. This tactic exploited users’ anxiety and curiosity by using expressions like ‘urgent’ and ‘notice’.’,
,
, “For actual attack methods, the creation of ‘fake pages’ was the most common at 50%. These pages typically disguise themselves as login pages to induce users to input account information. The design elements of the actual page, such as layout, logos, and fonts, were imitated.”,
,
, ‘The collected personal information is then transmitted to the attacker’s server.’,
,
, “The files used for creating these fake pages are script files with extensions such as ‘.html’, ‘.shtml’, and ‘.htm’, accounting for 50% of all attachment extension types.”,
,
, “The type of ‘downloader’ for downloading malicious code ranked second at 13%. Following that were trojan horses disguised as legitimate programs, executing malicious code, and information-stealing ‘infostealers’.”,
,
, “It is important to be cautious of ‘compressed files’. Attackers use compression to conceal malicious files, making ‘.zip’, ‘.rar’, ‘.7z’ the second most common attachment extension types at 29%.”,
,
, “Additionally, document files such as ‘.doc’, ‘.xls’, and ‘.pdf’ can also be utilized for attacks.”,
,
, ‘To prevent phishing emails, it is essential to carefully verify the sender. Suspicious attachments and URLs should not be opened. It is also recommended to use different accounts and change passwords periodically for each site.’,
,
, ‘AhnLab emphasized, “Maintaining the latest versions of antivirus programs like V3 and activating phishing site blocking features are crucial. Updating operating systems, internet browsers, and office software for receiving the latest security patches is also effective.”‘,
,
, ”]