South Africa is world’s most phished country: Symantec

South Africa is the most phished country on earth. That’s according to the September intelligence report from online security giant Symantec.

According to the report, one in 133.1 emails sent in the country contained a phishing attack. This is significantly more than the global average of one in 447.9 emails.

Perhaps intriguingly, the country doesn’t even feature in the top 10 as a source of phishing. The US, Austria and the UK take up the top three positions in this regard and together account for nearly 73% of the world’s phishing attacks.

That South Africa’s phishing rate is so high is interesting given that it remains in line with global averages in other areas of web security. The Spam rate in the country, for instance, sits at 73.%, compared to a global average of 74.8%.

South Africa’s ascent to the top of the global phishing rankings comes amidst a general decline in phishing attacks. The number of phishing Web sites, for instance, decreased by 12.2 percent in September. The number of phishing Web sites created by automated toolkits decreased by approximately 38.6 percent.

The report also indicates there has been a global deluge of malware spread via email, stating that “approximately 72% of all email-borne malware in September could be characterised as aggressive strains of generic polymorphic malware”.

“This unprecedented high-water mark underlines the nature by which cyber criminals have escalated their assault on businesses in 2011, fully exploiting the weaknesses of more traditional security countermeasures,” said Paul Wood, Senior Intelligence Analyst, Symantec.cloud.

One reason cited for the sudden spike in malware could be the adoption of a variety of new techniques by the social engineering behind the attacks. One such technique involves the malicious software pretending to be an email from a smart printer/scanner being forwarded by a colleague in the same organisation.

“The idea of an office printer sending malware is an unlikely one, as printers and scanners were not actually used in these attacks, but perhaps this sense of security is all that is required for such a socially engineered attack to succeed in the future,” Wood said.

In the world of spam, meanwhile, Symantec reports that spammers have “identified vulnerabilities in certain older versions of the popular WordPress blogging software used on a large number of websites across the internet”.

The vulnerability allows spammers to use the WordPress platform to compromise a Web server, placing a file deep within the WordPress directory structure, presumably in an attempt to avoid (or at least delay) detection.

According to Symantec “The buried file is a simple HTML page, usually containing text like “Page loading” which is briefly shown before a HTTP “meta refresh” is used to redirect users to the spammer’s website.