Cybercriminals are constantly coming up with new methods for online fraud, and there has been an increase in such activity in recent months. Kaspersky experts noticed increased activity from fraudsters stealing passwords by using special malware called Trojan-PSW – these are stealers capable of gathering login and other account information, including any personal data – from gaming websites and streaming accounts for example – to online banking.
Kaspersky experts analysed data from 2020-2021 (January to September) on the number of attempts to infect and targets. According to their research, the dynamics for South Africa are worrisome: during January – September 2021, there were 29% more users attacked than in the same period of 2020.
There is also a global growth in the number of attacked users during this time. For example, there were approximately 160,000 more targets across the world in September than in April, an increase of 45%. In recent months, Kaspersky experts have also seen a sharp rise in the number of attempts to infect users: Q3 2021 (July to September) saw an increase of almost 30%. The total amount of detections also increased compared to the previous year: from 24.8 million to 25.5 million.
Denis Parinov, security expert at Kaspersky, says: “As statistics show, logins, passwords, payment details and other personal data continue to be an attractive target for cybercriminals, and they remain a popular commodity on the dark market. For this reason, we encourage Internet users to take extra steps to protect their accounts. For example – by using multifactor authentication methods. Increased scammer activity using password stealers also suggests the need for users to be more careful, not to follow unverified links and to use an updated security solution.”
To avoid falling victim to malicious programs and scams aiming at stealing credentials, Kaspersky advises users to:
- Always keep software updated on all the devices you use to prevent attackers infiltrating your network by exploiting vulnerabilities.
- Use strong passwords to access corporate services. Use at least two factor authentication to access your account.
- Avoid posting online personal information that may give away your identity, such as your address, your personal phone number, your email address, and so on. Before sharing anything, consider the unintended consequences and do not share anything that might compromise your or someone else’s privacy.