In the second quarter of 2018 alone, $2.3 million was collected through phishing: these are the figures published in Kaspersky’s latest study, “Spam and phishing in Q2 2018”.
The report highlights all the new cases of online scams, which no longer occur only via email but also through social networks and even on websites with security certification.
In 2018 scams have been adapting to new financial activities, and those who invest in cryptocurrencies have been the main targets.
The scheme is always the same: the presentation of fake ICOs of new startups and the consequent collection of funds for the development of their respective platforms.
The victims, often inexperienced and looking for great opportunities, believing they are investing in a new ICO and in projects with great potential, end up offering their funds to real fraudsters.
And it is Ethereum itself that seems to be the currency preferred by scammers. Kaspersky’s estimate, based on data received from over a thousand ETH wallets used by fraudsters, puts the total stolen through cyber phishing during the second quarter of 2018 at $2,329,317 (exchange rate at the end of July 2018). This figure excludes the proceeds of classical phishing.
Scam websites look more legit than certified ones
As confirmed by Kaspersky, the paradox occurs when phishing websites (the fake ones) are sponsored and disseminated to the general public before the official ones.
A classic example is that of Experty: some hackers have managed to steal the information of potential investors who, after receiving a fake email containing a pirated link, sent their money to the scammers’ website.
Result? The loss of tens of thousands of dollars.
The Telegram case was even more famous: the parent company of one of the most popular instant messaging services announced at the beginning of the year its project to launch the Gram token. Immediately after the announcement, a dozen fake websites started popping up.
So far Kaspersky has been able to monitor the various scams, blocking around 58,000 phishing attempts that were disguised as the most famous projects in the crypto world.
HTTPS: is it really safe?
Apparently no one is safe anymore.
In 2017 alone, the number of recorded phishing attacks exceeded two thousand, as confirmed by Alexander Gostev, Kaspersky’s chief antivirus expert.
The problem, however, is particularly extensive and complex. HTTPS, the HyperText Transfer Protocol over Secure Socket Layer (also known as HTTP over TLS, HTTP over SSL and HTTP Secure), which is the protocol considered universally safe and that certifies the protected connection, could also be at risk.
Well, according to the conclusions of the research, it is possible to find hacked pages even on protected areas, an alarm that had already been sounded in 2017.
As most websites migrate to the HTTPS certificate, more and more phishing pages are now available on certified domains.
The reaction of those directly concerned was immediate: from September 2018 Chrome will stop labelling HTTPS websites as protected in the address bar. Instead, as of October 2018, Chrome 69 will begin to display the “Not Secure” label when users enter data on unencrypted websites.