Cyber-fraudsters increasingly collecting users’ selfies and IDs
29 November 2019 13:37 GMT

In the third quarter of 2019, Kaspersky experts have detected a surge in fraud related to the stealing of personal and confidential documents through photos and selfies (often required for registration or identification purposes). In phishing emails, seemingly from payment systems and banks, users were asked under various pretexts to confirm their identity by going to a special page and uploading a selfie alongside a photo of the ID document. The fake sites looked quite believable and contained a list of necessary document format requirements, links to privacy policies, and user agreements.

 

Overall, in the observed three-month period Kaspersky’s Anti-Phishing system prevented 105,220,094 attempts to direct users to scam websites. More than one in ten (11.28%) of all Kaspersky users worldwide experienced an attack. This is a slight decrease compared with the same period in 2018, when 137,382,124 attempts were observed, affecting 12.1% of all Kaspersky users worldwide.

The country with the largest share of users attacked by phishers was Venezuela (30.96%), which took second place in the previous quarter and has since added 5.29 percentage points.

Having lost 3.53 percentage points since 2018, Greece ranked second (22.67%). Third place, as in the last quarter, went to Brazil (19.70%).

“While the overall volume of spam and phishing is on a steady level, we can see the scammers are increasingly exploiting new pretexts and ways to compromise victims. Make sure you stay secure in the pre-holiday season when vigilance tends to fall,“ said Tatyana Sidorina, a security expert at Kaspersky.

Kaspersky recommends taking the following security measures:

Always check the link address and sender’s email before clicking on anything sent to you
Check if the link address can be seen in the email and is the same as the actual hyperlink (the real address the link will take you to). This can be checked by hovering your mouse over the link
Never share your sensitive data, such as login details and passwords or bank card data with a third party. Official companies will never ask for data like this via email
Start using a reliable security solution with behavior-based anti-phishing technologies, such as Kaspersky Security Cloud, to detect and block both spam and phishing attacks and initiation of malicious files.