AhnLab’s 2nd quarter phishing email statistics report
Keywords related to payment, purchase, shipping, and logistics are risky,
AhnLab released the ‘2024 2nd quarter phishing email statistics report’ on the 14th. Provided by AhnLab.,
,
,
,
,
, In the phishing emails sent in the second quarter of this year, keywords related to product payment and purchase were most commonly used, indicating the need for caution.,
,
, ‘On the 14th, AhnLab released a report analyzing phishing emails and attachments collected during the second quarter.’,
,
, The keywords most used by phishing email attackers were closely related to daily life and work., ‘The top keyword was related to payment and purchase (27.7%). In particular, terms related to monetary transactions such as payment, order, and invoice were used in the email subjects to attract users’ attention. Following that, keywords related to shipping and logistics ranked second in phishing keywords at 20.6%. Attackers used words like delivery, shipment, customs, or mentioned actual famous logistics company names in an attempt to deceive. The third place was urgency and notice with strong announcement and notification characteristics.’,
,
, Analysis of the types of attachments in phishing emails revealed that ‘fake page’ type accounted for 50%., ‘They mimicked various elements such as the screen layout, logo, and font of well-known portals or legitimate pages. If a user enters account information, it is immediately sent to the attacker’s server with the phishing structure in place.’,
,
, ‘In addition, malicious attachments included downloader (13%) for downloading additional malicious code onto infected PCs, trojan horse (10%) that executes malicious code by pretending to be a legitimate program, and infostealer (5%) that steals user information.’, The extension of malicious attachments, such as ‘.html’, ‘.shtml’, ‘.htm’ script files (50%), requires caution.,
,
, To prevent damage from phishing emails, it is necessary to ① verify the sender of the email and prohibit opening attachments and URLs of suspicious emails ② use different accounts and change passwords periodically for different sites ③ keep antivirus programs up to date and activate phishing site blocking features ④ practice security guidelines such as keeping the latest versions and security patches of the programs (OS/internet browsers/office software, etc.) in use., ‘Yang Hayoung, Director of AhnLab Security Intelligence Center (ASEC), emphasized, “Phishing emails, including text and attachments, are becoming increasingly sophisticated, so users must follow security guidelines.”‘,
,