New data from Russia-based cybersecurity firm Kaspersky reveals that the prevalence of phishing and social engineering scams has increased significantly in Africa in Q2 2022 in comparison with the previous quarter.
The company’s security solutions detected 10,722,886 phishing attacks in Africa in Q2, showing a 234% increase from the previous quarter.
Tech powerhouses across Africa have seen the highest amount of growth in scams. Kenyan users have been influenced the most by this type of threat: there were 5,098,534 phishing attacks detected in 3 months – a growth of 438% when compared to the previous quarter. It was followed by South Africa (4,578,216 detections and a growth of 144%) and Nigeria (1,046,136 detections and a growth of 174%).
In particular, while vacation season is high, scammers are trying to lure travellers who are looking for interesting places to go, cheap places to stay and reasonably priced flights.
“After two years of flight restrictions imposed by the pandemic, travelling is back. But so are travel scams – with intensified scamming activity targeting users through fake booking and rental services. Such attacks are totally preventable, which is why we urge users to be skeptical about overly generous offers. If an offer seems too good to be true, it probably is,” comments Mikhail Sytnik, a security expert at Kaspersky.
Kaspersky researchers have observed intensified scamming activities, with numerous phishing pages distributed under the guise of airline and booking services. The number of attempts to open phishing pages related to booking and airline services in the first half of 2022 was 4,311 in the META region.
What are Social Engineering Scams?
Social engineering, which is sometimes called “human hacking” scams, are used in many ways, and for different purposes, to lure unwary users to the site and trick them into entering personal information.
The latter often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts. In the wrong hands, this opens doors to various malicious operations, such as money being stolen, or corporate networks being compromised.
What is Phishing?
Phishing is a strong attack method because it is done on a large scale. By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials.
Phishers deploy a variety of tricks to bypass e-mail blocking and lure as many users as possible to their fraudulent sites. A common technique is HTML attachments with partially or fully obfuscated code. HTML files allow attackers to use scripts, and obfuscate malicious content to make it harder to detect and send phishing pages as attachments instead of links.