Nigeria, Kenya lead in phishing, scam in H1 2022

Phishing and scams soar in Kenya and Nigeria with a 438% and 174% increase in the number of detections in each country, respectively, in the second quarter of 2022.
Analysis by Kaspersky (www.Kaspersky.co.za) has revealed that attacks related to data loss threats (phishing and scams/social engineering) increased significantly in Africa in the second quarter of 2022 compared to the previous quarter.

The company’s security solutions detected 10,722,886 phishing attacks in Africa in the second quarter.

Kenyan users were the most affected by these types of threats: 5,098,534 phishing attacks were detected in 3 months, a growth of 438% compared to the previous quarter.

It was followed by South Africa (4,578,216 detections and a growth of 144%) and Nigeria (1,046,136 detections and a growth of 174%).

Social engineering, which is sometimes called “human hacking” scams, is used in many ways and for different purposes to lure unsuspecting users to the site and trick them into entering personal information.

The latter often includes financial credentials, such as bank account passwords or payment card details, or login details for social media accounts.

In the wrong hands, this opens the door to various malicious operations, such as stealing money or compromising corporate networks.

Phishing is a strong attack method because it is done on a large scale.

By sending mass waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in finding the credentials of innocent people.

Phishers implement a variety of tricks to bypass email blocking and lure as many users as possible to their scam sites.

A common technique is HTML attachments with partially or fully obfuscated code.

HTML files allow attackers to use scripts, and obfuscate malicious content to make it harder to detect and send phishing pages as attachments instead of links.

In particular, while the holiday season is peak around the world, scammers are trying to lure travellers looking for cool places to go, cheap places to stay, and reasonably priced flights.

Kaspersky researchers have observed an increase in scam activities, with numerous phishing pages distributed under the guise of airline and booking services.

The number of attempts to open phishing pages related to airline reservations and services in the first half of 2022 was 4,311 in the Middle East, Turkey and Africa (META) region.

“Planning a vacation is not easy.

People can spend weeks, even months, searching for the perfect place to stay and the tickets to get there.

Scammers use this to lure users who have grown tired of searching for great deals.

After two years of pandemic-imposed flight restrictions, travel is back.

But so are travel scams, with intensified scam activity targeting users through fake booking and rental services.

Such attacks are entirely preventable, so we urge users to be sceptical about overly generous offers.

If an offer seems too good to be true, it probably is,” says Mikhail Sytnik, a security expert at Kaspersky.

To stay protected from phishing and scams, Kaspersky experts recommend: Taking a close look at the address bar before entering any sensitive information, such as your login and password.

If something is wrong with the URL (ie spelling, doesn’t look like the original or uses some special symbols instead of letters) don’t enter anything on the site.

If in doubt, check the site’s certificate by clicking the lock icon to the left of the URL.

Do not click on links that come from unknown sources (whether through emails, messaging applications or social networks).

Please visit the company’s official website if you see a free gift offered via email or on social media by a travel company or airline to confirm that the free gift exists.

You should also carefully check the links that the giveaway ad takes you to.

Use a good security solution that can protect you from spam emails and phishing attacks.