Twice as many Germans were likely to become victims of phishing and fraud attacks on German Unity Day, according to research by antivirus software provider Bitdefender. The security company expects the scam spike to continue in November and December, as the winter holidays approach.
Though autumn had started on a positive note, the public holiday on October 3rd doubled the number of potential German victims. The number of users who ended up on phishing and fake URLs also quadrupled on October 6th, when the scammers’ calendar pointed to a less celebrated holiday, German-American Day.
“Cyber-criminals keep an eye on the calendar when creating new scams, but sometimes fail at choosing the right celebrations and countries for new attacks,” said Bitdefender Chief Security Strategist Catalin Cosoi. “This month, they probably thought that Germans will also be celebrating the German-American Day and will be spending more time on the Internet, buying fictive presents for their US friends and making online reservations at fake hotels.”
The Bitdefender research also showed that 4.62% of the worldwide number of potential scam victims in September were Germans, one per cent less than in August. The calm didn’t last long in the region’s online threat landscape, as October brought hundreds of new phishing and fraud URLs aimed at Germans.
One of the websites hijacked for phishing attacks this month was a poorly crafted gaming web page. The phishing attack tricks Germans into giving away personal information that might later be used to empty their bank accounts. Most of the worldwide e-threats originate from the US, with 40% of all phishing attacks in September being hosted in one of the American states.
Unlike phishing attacks, fraudulent web pages are created on newly bought domains, sometimes registered on top level domains such as “de”. For increased efficiency, cyber-criminals also place malware on some of the web pages and attract new victims on forums, via e-mail or social networks.
For better understanding of online dangers, Bitdefender outlined the differences between classical phishing and sophisticated fraud. The antivirus software provider also offered advice for users to avoid falling for such scams:
- Before sending your personal data or money online, check WHOIS information for clues about the domain registration, hosting and online activity. More than 90% of the fake websites are registered only for one year.
- For security reasons, fraudsters use registrant e-mail addresses that offer anonymity, such as email@example.com, firstname.lastname@example.org, but also free e-mail addresses from providers such as Yahoo, Hotmail, and Gmail, which a serious organization wouldn’t use.
- Before shopping online, make sure you enter the web page address manually in the browser to avoid giving sensitive information to copycat sites. Check that the address starts with “https://” instead of “http”.
- An unclear URL address, spelling errors and poor grammar might be clues that point to a phishing attack. Typing the legitimate URL directly in the browser may also help you stay away from phishing and fraud.
- Check the list of authorized banks in your country when dealing with a financial organization you haven’t heard of.
- Stay on guard when using social networks. The careful selection of online “friends”, the consideration of the information you share, and the way you interact with applications or dubious links will protect you from social engineering, fraud, phishing and malware attacks.
- Keep your antivirus updated. Remember that Bitdefender not only blocks malware, but also phishing and fraud. In 2013, the security software won an Advanced+ award and in 2012 was proven the best in the industry at detecting phishing attempts, after testing by independent analysis firm AV-Comparatives. The antivirus leader blocked 98% of phishing attempts targeting users of PayPal, eBay, numerous online banks, social networks, online gaming sites, credit card data and more.
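The WHOIS checks from the first two tips can be automated. The following is an added example, not Bitdefender's code: it scans a WHOIS record for a one-year registration, a newly registered domain and a free-mail registrant address. The field names follow common gTLD WHOIS output and, like the 30-day threshold, the provider mail domains and the sample records, are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Providers named in the article; the exact mail domains are assumptions.
FREE_MAIL = {"yahoo.com", "hotmail.com", "gmail.com"}
NEW_DOMAIN_DAYS = 30  # assumed cut-off for a "newly bought" domain
FIELD_RE = re.compile(r"^[ \t]*([^:\n]+?)[ \t]*:[ \t]*(\S.*?)[ \t]*$", re.M)
# Constructed sample records (not real registrations).
SUSPICIOUS = """Domain Name: shop-example.test
Creation Date: 2013-09-20T10:15:00Z
Registry Expiry Date: 2014-09-20T10:15:00Z
Registrant Email: seller123@gmail.com
"""
BENIGN = """Domain Name: bank-example.test
Creation Date: 2001-03-14T00:00:00Z
Registry Expiry Date: 2016-03-14T00:00:00Z
Registrant Email: hostmaster@bank-example.test
"""
TODAY = datetime(2013, 10, 6)

def parse_whois(text):
    """Map each lower-cased field name to the first value seen for it."""
    fields = {}
    for key, value in FIELD_RE.findall(text):
        fields.setdefault(key.lower(), value)
    return fields

def field_date(fields, name):
    """Parse the leading YYYY-MM-DD of a field; None if absent or malformed."""
    try:
        return datetime.strptime(fields.get(name, "")[:10], "%Y-%m-%d")
    except ValueError:
        return None

def whois_flags(text, today):
    """Return the warning signs from the article found in one WHOIS record."""
    fields = parse_whois(text)
    created = field_date(fields, "creation date")
    expires = field_date(fields, "registry expiry date")
    flags = []
    if created is None or expires is None:
        flags.append("registration dates missing")
    elif expires - created <= timedelta(days=366):
        flags.append("one-year registration")
    if created and today - created <= timedelta(days=NEW_DOMAIN_DAYS):
        flags.append("newly registered")
    email_domain = fields.get("registrant email", "").rpartition("@")[2].lower()
    if email_domain in FREE_MAIL:
        flags.append("free-mail registrant")
    return flags
```

Calling `whois_flags(SUSPICIOUS, TODAY)` raises all three flags, while the long-registered `BENIGN` record raises none; a flag is a reason to look closer, not proof of fraud.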
This article is based on the technical information provided courtesy of Alin DAMIAN, Bitdefender Online Threats Researcher.