Cybercriminals shift sights from banks to payment platforms

Nearly a third of phishing attacks last year focussed on gaining access to payment systems and e-commerce sites, according to a study by security experts Kapersky.

Phishing scams typically involve sending out fraudulent emails that claim to be from a person’s bank or credit card company, and ask customers to submit or “verify” details in order to circumvent an invented emergency. While many scams are crudely executed and glaringly obvious, an alarming number succeed in fooling their recipients. In 2012, an estimated $1.5 billion was lost to phishing worldwide.

In the past, fraudsters mostly sought to gain access to card and retail banking information. As online and mobile payments become increasingly popular, many cybercriminals are looking to exploit these avenues, too.

Kapersky’s study found that, last year, banks were mentioned in 29% of attacks, payment systems in 11% and online shopping sites in 8%. Just under a third (31%) of criminals sought to harvest data from Visa cards, followed by PayPal at 30% and AmEx at 31%. Just under half (48%) of scams took place on Mac systems.

“The rise in financial phishing that we saw in the past has naturally drawn a response from the brands most frequently abused in phishing scams,” said Nadezhda Demidova, Kaspersky web content analyst.

“They are beginning to tackle phishing distribution channels, especially email spam, more actively. That leads to a reduction in the levels of phishing that targets some of the larger brands.”