2015 Internet Security Threat Report

Phishing in Countries You Might Not Expect

By Nicholas Johnston

Symantec sees a significant proportion of global email traffic, and recently we were surprised to see phishing attacks targeting institutions in rather unexpected locations.

Angola and Mozambique are two southern African countries, on opposite sides of the vast continent. These countries aren't the first places that spring to mind when you think of phishing, where the goal is to gather sensitive information in order to make money. Mozambique is still a developing country, and despite having an abundance of natural resources, remains heavily dependent on foreign aid. Its per-capita GDP is around $600. Angola fares better than Mozambique; its per-capita GDP is just under $6,000. These are statistically poor countries. (For comparison, the global average per-capita GDP figure stands at $10,400, and the U.S. GDP stands around $52,800.)

Both of these countries have recently been subjected to phishing campaigns. For instance, one recent phishing campaign was targeted at a major African financial institution, appearing to come from a Mozambique bank, with the email subject, "Mensagens & alertas: 1 nova mensagem!" (Messages & alerts: 1 new message!) A URL contained within the body led to a fake version of the bank's Web site, asking the target to enter a number of banking details that would allow the attacker to take over the account.

Why are financial institutions in these countries being targeted? It's impossible to be sure, but one of the main dangers of phishing is the ease with which attackers can set up phishing sites. Over the year we've found many "phish kits"--zip files containing phishing sites, ready to be unzipped on a freshly compromised web server. Additionally, since Angola and Mozambique both speak Portuguese, campaigns from one country can easily be used in the other with only minor changes to the content within them.

From an attacker's perspective, phishing has very low barriers to entry. By targeting smaller or more niche institutions, phishers can avoid competition with their peers. Phishing awareness in developing countries is likely to be lower than in the US or Europe, for example.

In all likelihood, the phishing scams targeting Angola and Mozambique originate from those countries or neighboring ones. Phishers who target people in developed countries won't be interested in the comparatively low potential profits from phishing accounts in Angola or Mozambique—but those low (by Western standards) profits can still be attractive to someone living in Angola, Mozambique or nearby countries with similar living standards. It might also be easier for phishers based in Angola or Mozambique to use stolen credentials locally rather than selling them on.

As people increasingly interact with companies and services online, we expect phishing to increase—there are more targets, and barriers to entry will continue to get lower. Even institutions in the very small and relatively isolated east Himalayan Kingdom of Bhutan have been targeted in phishing attacks. This only demonstrates that nowhere is safe from phishing.

