More than 48% of companies saw increase in phishing fraud during pandemic

More than 48 percent of companies in India have seen an increase in phishing fraud amid the pandemic, according to a report by Com Olho.

Com Olho is a Cyber Security as a Service Platform (Cy-aaS) with in-build real-time APIs focused on detecting and preventing ad fraud independently through AI-based technology intervention.

The year 2020 saw a 15% increase in phishing incidents compared with last year. This increase is due to the ease with which personal data can be obtained, meaning that virtually anyone can start a phishing campaign with very little prior knowledge. Also pandemic was the tipping point for mobile transformation. Millions of people, advertisers, brands and companies turned to digital channels for shopping, working, and entertainment. This proved an ideal opportunity for fraudsters on the lookout for new targets impacting marketing campaigns by exhausting advertising money and resources by showing users unwanted ads or displaying ads on spoofed websites.

With companies almost doubling their digital advertising spends amid Covid-19, ad frauds are projected to go up in the range of 45-55 percent compared to the present industry average of 25-35 percent. Even in times like these, fraudsters have left no stone unturned when it involves stealing advertiser’s money.

Phishing incidents rose by a staggering 220% this year compared to the yearly average during the height of global pandemic fears. Fraudsters were quick to seize upon the opportunity of various lockdown rules and the increase in work from home. During the first quarter of 2021, social media accounted for 23.6% of this attack.

To understand how big the problem actually is, our systems reviewed more than 1M digital assets including famous social networks provided all these digital assets had more than 100K daily active users (DAU).

As per our findings, more than 10 percent of these digital assets reviewed either had inappropriate content, were fake, or had phishing links. These phishing sites target legitimate brand names and identities in their URLs. The phishing links redirected the user via “spoofed” websites to legitimate advertisers.

These brands' unsafe advertising not only severely impacts the brand's reputation but also poses a financial and regulatory risk. Fraudsters are becoming more creative with the names and are attempting to create more realistic website addresses for their phishing sites.

Despite this continued growth of phishing attacks and the availability of many advanced tools, techniques, and procedures, phishing attacks are succeeding because of poor security controls and a lack of awareness by users, says the report.

Fraudsters know that the way to make a quick buck isn’t to spend months making an attempt to break into an organisation’s security, it’s simply to ask nicely for the username and password so they can walk right in through the main door.

Com Olho’s report examines and analyses dark web market data building a complete and consistent picture of the world of phishing.

The report analyses as to how fraudsters are building, staging, and hiding their phishing sites and their tactics they use to remain hidden. The report deep dives into live examples of active and confirmed digital assets that are impacting advertisers’ ad spending, bottomline, and brand equity.

Phishing is like a fisherman throwing a baited hook out there and hoping you bite. The bait however is not some finger-licking food to satisfy your craving but is a phishing link.

Phishing remains popular as an organised cybercrime for one simple reason: it works. It is a way of committing fraud by stealing credentials, and distributing malware/adware. Cybercriminals use phishing URLs to try to obtain sensitive information for malicious use, such as username, passwords, or banking details. In the case of adware, cybercriminals use phishing URLs to redirect the user via spoofed links to legitimate advertisers' websites or generate revenue by automatically displaying unwanted advertisements to the user.

However, what appears on the face to be an ordinary form of cybercrime often can be, in practice, a well-planned attack by organised crime groups. It is often difficult to build a complete picture of the end-to-end process from finding victims and creating fake websites to fraudulently using victims’

credentials.