<
>

2024 Press Releases

March 27, 2024

Phishing Attacks Clog Business Networks in Southeast Asia in 2023

In 2023, Kaspersky anti-phishing technologies detected nearly 500,000 attempts to follow a phishing link on businesses’ devices in Southeast Asia (SEA). Interestingly, this number only refers to phishing links related to finance matters – e-commerce, banking, and payment systems.

Phishing persuades users to take action which gives a scammer access to your device, accounts, or personal information. By pretending to be a person or organisation the users trust, they can more easily infect the victim with malware or steal their information.

These social engineering schemes “bait” with trust to get valuable information. This could be anything from a social media login, to your entire identity via your social security number. These schemes may urge the user to open an attachment, follow a link, fill out a form, or reply with personal information.

“Financial phishing” is a type of phishing which refers to fraudulent resources related to banking, payment systems and digital shops. Payment system phishing includes pages impersonating well-known payment brands.

From January to December last year, Kaspersky solutions detected and blocked a total of 455,708 financial phishing attempts targeting companies of various sizes in the region. The statistics reflect clicks on phishing links placed in various communication channels, including emails, fraudulent websites, messengers, social media, etc.

“Phishing is a trusted technique for cybercriminals when it comes to infiltrating business networks because they usually work. The rise of generative AI helps cyber criminals make phishing messages or scam resources more convincing. As a result, it becomes challenging for people to distinguish between a scam and a legitimate communication. That's why the role of robust security solutions increases,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

The Philippines logged the highest number of financial phishing at 163,279 attempts in 2023, followed by Malaysia with 124,105. Indonesia chalked up 97,465 incidents while Vietnam experienced 36,130 phishing attacks related to financial matters. Thailand and Singapore registered the least number of this threat at 25,227 and 9,502 respectively.


Detected and blocked financial phishing in Southeast Asia in 2023

“Cybercriminals employ various tactics, including financial-related phishing, to deceive employees and trick them into falling victim to an attack Our recent study showed employee security violations can be as damaging as external hacking for companies in Asia Pacific which means the human factor continues to play a role in making businesses vulnerable. Tools to help safeguard against human error are a vital step forward, but they can’t exclude employee education, skills development, and overall strengthening of the company’s ability to detect and respond to cyberattacks,” adds Yeo.

To help companies protect their systems against the damages of a successful phishing attack, Kaspersky experts recommend:

  • To advance decision-makers' understanding of the importance of cybersecurity and how best to distribute budgets to stay ahead of threats, engage them with Kaspersky Interactive Protection Simulation for enhanced C-level professional education.

  • Consider experts’ help. For example, the Kaspersky Assessments family of professional services identifies security gaps in your system’s configuration, and the Security Architecture Design helps create an IT security infrastructure that’s a perfect fit for a particular company. Every step of implementation is grounded in real security needs, giving decision-makers convincing arguments to allocate budgets.

  • Install and use enterprise security solutions with anti-phishing software: The Advanced Anomaly Control feature within Kaspersky Endpoint Security for Business Advanced, Kaspersky Total Security for Business and Kaspersky Endpoint Detection and Response Optimum help prevent potentially dangerous activities that are ‘out of the norm’, both undertaken by the user and initiated by the attacker who has already seized control of the system.