Kenya accounted for over one out of every four of the two million online attacks in Africa, ahead of Nigeria and Egypt, as cybercriminals use Covid-19 information to gain unauthorised access to devices and networks, new data from Kaspersky has revealed.
In its second-quarter report, the cybersecurity firm indicates that Kenya had more than half a million phishing attacks, coming in second to South Africa, which had 616,666 spam and phishing attacks.
Egypt accounted for 492,532 and Nigeria 299,426, while Kenya’s East African neighbours Rwanda and Ethiopia only accounted for 68,931 and 31,585 respectively.
Phishing is a strong attack method because it is carried out on a large scale. By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials.
“When summarising the results of the first quarter, we assumed that COVID-19 would be the main topic for spammers and phishers for the past few months. And it certainly happened. While there was the rare spam mailing sent out without mentioning the pandemic, phishers adapted their old schemes to make them relevant for the current news agenda, as well as come up with new tricks,” says Tatyana Sidorina, a security expert at Kaspersky.
Kaspersky's analysis indicated that in Q2 2020 phishers increasingly performed targeted attacks, with most of their focus on small companies. To attract attention, fraudsters forged emails and websites from organisations whose products or services could be purchased by potential victims. In the process of making these fake assets, fraudsters often did not even try to make the site appear authentic.
Kenya has been seeing increased cybercrime activity, with the latest data from the Communication Authority of Kenya showing that in the most recent quarter 34,644,531 cyber threats were detected.
Further, 17,844 advisories were issued by the National KE-CIRT, an increase from the 16,654 issued in the previous quarter.
Working from home and the increased flow of information during the pandemic have opened more avenues for cybercriminals.
According to Kaspersky, phishing is one of the oldest and most flexible types of social engineering attacks. It is used in many ways, and for compromising financial credentials such as bank account passwords or payment card details, or login details for social media accounts. In the wrong hands, this opens doors to various malicious operations, such as money being stolen or corporate networks being compromised. This makes phishing a popular initial infection method.
Kaspersky experts advise users to take measures to protect themselves from phishing.
These precautions include always checking online addresses in unknown or unexpected messages, whether it is the web address of the site where you are being directed, the link address in a message or even the sender’s email address, to make sure they are genuine and that the link in the message doesn’t hide another hyperlink.
If you are not sure that the website is genuine and secure, never enter your credentials. If you think that you may have entered your login and password on a fake page, immediately change your password and call your bank or other payment provider if you think your card details were compromised.