Financial data for the fourth consecutive year is at the top of the malicious spam ranking

Kaspersky Lab experts conducted a spam analysis in 2014. The fourth year in a row, programs created to steal user logins, passwords and other confidential information remain at the top of the list of the most widely spread malicious programs distributed via e-mail.

The most important results of spam analysis in 2014

  • The percentage of spam in e-mails amounted to 66.8% - by 2.8 percentage points less than in the previous year.
  • The lower level of unwanted messages can be explained by the fact that advertisements of legal goods and services migrate to more effective, legal platforms.
  • The United States was the largest source of spam (16.7%).
  • The aim of 42.6% of phishing attacks were global portals integrating many websites, which can be accessed from one account.
  • The country with the highest percentage of users attacked by phishers was Brazil, in which 27.5% of users were targeted. Australia came second (23.8%), followed by India and France (23% each).
  • The three organizations whose brands were most commonly used in phishing attacks included: Yahoo! (23.3% of attacks), Facebook (10%) and Google (8.7%).

Mobile spam

Cyber-criminals are getting more and more popular with spam mailings masquerading as emails sent from mobile devices. These messages appeared in several languages, and their purpose were users of iPads, iPhones, Samsung smartphones and other mobile devices. These messages have one thing in common - very short content (or lack thereof) and the signature "Sent from my iPhone". They usually also contain links to malicious attachments.

Fake notifications from mobile applications

Unwanted mass mailings often impersonated notifications from various mobile applications, such as WhatsApp or Viber. Users are aware of the issue of synchronization of cross-platform applications, as well as various notifications from such tools. As a result, many owners of mobile devices can not see anything suspicious in an email that informs them that they have received a message on their mobile messenger. This is a mistake: these mobile applications are not connected to the user's email account, which automatically indicates that similar emails are false.


False notification coming supposedly from the Viber messenger. By clicking the "Listen to Voice Message" button, the user downloads malicious software.


Fraudulent notifications from banks are among the most common types of malicious spam and phishing attacks. Recently, however, we have noticed significant differences in the structure of some fraudulent messages. In 2014, spammers started to make false messages look more complex, adding more links to the official resources and services of the organizations from which supposedly their notifications come. Naturally, the attackers hope that an e-mail containing several links leading to legal resources will be treated as legal by both users and spam filters. In fact, such a message has one fraudulent link that redirects users to a phishing website or downloads a malicious program, "said Maria Vergelis , a spam analyst, Kaspersky Lab.

A full report on the evolution of spam in 2014 will appear soon in the SecureList.pl service run by Kaspersky Lab.

source: Kaspersky Lab



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.