Kaspersky Reports Phishing Attacks Grew By 40 Percent in 2023

A new report from Kaspersky noted that its anti-phishing system was able to deter over 709 million attempts to access phishing and scam websites in 2023, highlighting a 40 percent increase over 2022. A spike in phishing activity was observed between May and June, where actors used travel-related lures including counterfeit airline tickets and fake hotel deals to gain potential victims. Notably, social media platforms like Telegram have become a common place for actors to distribute malicious links. According to Kaspersky, the security firm has observed a 22% increase in attacks leveraging Telegram from the previous year, highlighting its growing popularity among cybercriminals.

Analyst Comments:
Many of these phishing attacks are opportunistic, with actors taking advantage of holiday seasons to create targeted phishing lures such as fake discounts for travel and stay to incite potential victims. High-profile events and premiers including Barbie have also been exploited by actors to spin up counterfeit websites advertising early tickets at discounted rates.

In 2023 the popularity of AI-related services increased, with tools like ChatGPT experiencing exponential growth in the number of users. Notably, services like ChatGPT have been exploited by cybercriminals for various purposes. Given that the tool can help generate phishing emails and even code that can be used for developing malicious payloads, more and more actors have flocked to the platform. In particular, actors who aren’t native to the English tongue are now able to generate customized phishing messages in a matter of seconds without any grammatical errors, aiding in a surge in phishing attacks observed last year.

Suggested Corrections:
To avoid becoming a victim of phishing-based scams, Kaspersky advises the following:

  • Only open emails and click links if you are sure you can trust the sender.
  • When a sender is legitimate, but the content of the message seems strange, it is worth checking with the sender via an alternative means of communication.
  • Check the spelling of a website’s URL if you suspect you are faced with a phishing page. If you are, the URL may contain mistakes that are hard to spot at first glance, such as a 1 instead of I or 0 instead of O.