Cyberattacks have become more sophisticated, common, and dangerous over the years. Criminals often use social engineering tactics to trick users into divulging their personal information, impersonating a trusted brand or individual, and using advanced malware to steal data.
In a report by Kaspersky’s SecureList, Kaspersky experts discovered that throughout 2022, cybercriminals increasingly switched to phishing attacks. Since October 2022, there have been more than 255 million phishing attacks.
Speaking on the effect of these attacks, Olga Svistunova, a security expert at Kaspersky, said,
Phishing is one of the most prevalent and pernicious threats in the cybersecurity landscape. Being the gateway to many of the worst cyber threats, phishing pages are the first step in a long chain of events that can result in identity theft, financial loss, and reputational damage for both individual consumers and businesses. It’s crucial for everyone to understand the threat and take action to protect themselves.
Phishing attacks were the most significant threat faced by internet users in 2022, which increased by 24%. According to the report, the company’s anti-phishing system successfully blocked 507,851,735 attempts to access fraudulent content globally, twice the number of attacks thwarted in 2021.
This increase is somewhat linked to the COVID-19 pandemic, which has forced many individuals and organizations to rely on digital communication and has created new opportunities for cybercriminals. Many of these cyber crooks used the world’s situation at the time to scam, steal identity and engage in phishing attacks.
Also, although prices continued to decline throughout the year amid the “crypto winter,” scammers became increasingly interested in the accounts of wallet owners due to the unabated popularity of cryptocurrencies.
What is Phishing?
This type of cybersecurity attack occurs during which malicious actors send messages while posing as a reliable individual or organization. Phishing messages mislead users into downloading malicious software, clicking on malicious links, or disclosing private information like login details.
It is the most prevalent kind of social engineering. Phishing and other forms of social engineering are frequently coupled with other security risks like malware, code injection, and network attacks.
8.7% of African users encountered phishing attacks in 2022
In Africa, the spam, phishing, and scam landscape is also evolving, with cybercriminals becoming more sophisticated in their attacks. These attacks remain a significant threat in Africa, with many cybercriminals using social engineering tactics to trick users into giving up their personal information.
Another report highlights that phishing attacks remain a significant threat in Africa. About 8.7% of individual and corporate internet users have at least encountered one phishing attack in 2022. African countries experiencing significant spam, phishing, and scam activity include Nigeria, Ghana, South Africa, Kenya, and Egypt.
In South Africa, the share of users affected stands at 9.7%, followed by Kenya at 8.4% and Nigeria at 7%. South Africa topped the chart in the region and has seen a rise in scamming activities, with criminals posing as legitimate organizations to gain access to user data.
The increasing number in Africa could be because of the lack of digital security infrastructure. Cybersecurity protocols are not common discussions among individuals, SMEs, etc. Another report by Kaspersky released in August 2022 showed that in 3 months, there were 5,098,534 attacks detected in Kenya, 4,578,216 detections in South Africa, and 1,046,136 in Nigeria.
Scammers also prey on vulnerable populations in Africa, including the elderly and those who lack technological sophistication. These individuals are unfamiliar with some devices and are less likely to distinguish between a legitimate communication (such as a text message or e-mail) and a fraudulent/malicious one or recognize that a well-dressed scam text or e-mail is not from a trusted source.
How most of these attacks happened in Africa
Many of these attacks were connected to e-commerce services in the report. Most commonly, delivery services. Fraudsters would send phoney emails of delivery issues purporting to be from well-known delivery companies. The email contains a link to a sham website that requests money or personal information.
Other targeted categories were online stores and online financial services. In South Africa, 15.4% of the phishing attacks were through websites of fake payment systems, 68.4% through fake online stores, and 16.2% through fake online bank portals.
In Kenya, 22.5% of the attacks were through websites of fake payment systems, 54.9% through fake online stores, and 22.6% through fake online bank portals. And in Nigeria, 31.1% were through websites of fake payment systems, 51.2% through fake online stores, and 17.8% through fake online bank portals.
It also reported that this global trend in 2022 was through messaging, social media platforms, and email addresses.
How to protect yourself from phishing attacks
- Individuals and organizations must protect themselves from these attacks by using security software and being cautious when sharing personal information online.
- It is also very important for individuals and organizations to stay informed about the latest phishing techniques and educate themselves on spotting and avoiding phishing attempts.
- Individuals and organizations must pay more attention to website URLs, especially when clicking links.
By following best practices and staying informed about the latest phishing techniques, individuals and organizations can minimize their risk of falling victim to these attacks. African governments and organizations should also invest in cybersecurity measures to protect their citizens and customers from these threats.
Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!