Internet threats in the first quarter of 2014 included an increase in phishing sites and new and improved Android “notcom” malware, according to CYREN’s Q1 2014 Internet Threats Trend Report.
Overview
There were many “firsts” in the first quarter of 2014: FIFA World Cup Soccer spam scams appeared; CYREN partner PhishLabs observed a new wave of phishing attacks using residential IP address space and personal computers to install and host phishing sites; and Western Europe led the spam pack for the first time in a while, collectively generating more than ¼ of the world’s spam.
Phishing Trends
CYREN’s New Phishing Feed Analyzes Trends
Observing trends in CYREN’s new phishing feed during a two-week period, we saw an approximate 73% increase in the number of phishing URLs/sites related to PayPal (from ~750/day in Q4 of 2014 to ~1300/day in Q1 of 2013). Rounding out the #2 through #6 spots were Apple with 2,261 phishing URLs, Poste Italiane with 1,720 URLs, Barclays Bank with 830, Battle.net with 436 and Sparkasse with 180.
Phishers Googling You
CYREN identified recent phishing attempts using a hacked Gmail account, which sends out an email entitled “Wealth management article for your review”. The link, which suggests that the user review information contained in a “Google docs” document, leads the user to a fake Google login/phishing site that asks for the Google user name and password.
Malware Trends
New and Improved: Android NotCom Malware
Android is once again the target of “notcom” malware, distributed in email links sent from compromised email accounts. Depending on the visiting device, the same link directs users to different destinations: PC or iOS users are sent to a diet scam site, while Android users find themselves again a victim of the malware package “security.update.apk”, featuring encryption and a P2P function. Analysts speculate that the malware is designed to steal device and user data, and possibly to serve as part of an Android botnet.
Spam Trends
Spam Levels
Spam levels continue their general downward trend, with the new year producing the traditional drop in spam (only 57% of all global email), a new low. Daily spam levels averaged 54 billion emails per day, with some days approaching 30 billion emails. Also notable this quarter was the sophistication level of some diet spam emails. By issuing press releases through recognized news agencies/news wires, diet spammers get legitimate publications (such as the Wall Street Journal) to run a story on the release. Included in the release are direct links to the scam diet websites, as well as language that appears to legitimize the content, such as “As Featured in the Wall Street Journal”. Alarmist content in the headlines further entices the reader to visit the links.
The First World Cup Scams Appear
During the first quarter, CYREN observed some of the first emails related to the FIFA World Cup. Employing a typical lottery scam, the email offers 1 million US dollars and one free entrance ticket to watch all games live in Brazil.
Download your copy of the Internet Threats Trend Report here: http://bit.ly/Q1trendreport