Kaspersky’s recent statistics report from February to April 2022 revealed that 68.95% of phishing attempts target finance-related transactions in the Philippines.
Anonymized data voluntarily given by Kaspersky’s customers revealed that the phishing attempts detected and blocked were aimed at finances: banks, e-commerce stores, and payment systems, specifically targeting credit cards, debit cards, and mobile payment apps or e-wallets.
Statistics from Kaspersky Security Network (KSN) also showed that phishing attempts in the Philippines are more severe than in Indonesia (65.90%), Singapore (55.67%), Thailand (55.63%), Malaysia (50.58%), and Vietnam (36.12%).
However, the same data also showed that phishing attempts against local banks were the lowest in the region at only 2.17%, while phishing attempts against e-commerce shops in the country were the second lowest among SEA countries at 8.28%.
Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, mentioned that ‘Super Apps’ are also on the rise in SEA. These mobile applications combine all popular monetary functions, including e-banking, mobile wallets, online shopping, insurance, travel bookings, and investments. However, he cautioned that putting people’s data and digital money in one basket can “trigger an aftermath snowball, with the impact of a phishing attack swelling at an unforeseeable rate.”
Super Apps are traditional banks and service providers’ way of standing out in a crowded industry. However, as they try to work with third parties and incorporate their services into a single mobile app, the attack surface expands, opening up more doors to a malicious exploit.
So far, phishing is still the most effective method, a well-known way to break into a user’s or even a company’s network by playing on a user’s emotions.
“It is known that cybercriminals follow the money trail, so it is important for banks, app developers, and service providers to integrate cybersecurity from the beginning of application development,” explained Yeo.
Kaspersky reminds organizations that prevention is better than cure, even while security systems are already in place in most financial companies.
Firms may invest in endpoint security solutions, such as Kaspersky’s Endpoint Detection and Response Optimum, which currently has a 35% discount to help enterprises get started. Interested companies can visit this link to know more.
Other crucial steps to consider include:
- Considering a threat intelligence platform. Another critical component to include would be ensuring access to the latest IT security trends/threats – also known as threat intelligence. Threat intelligence will give the insight to act on, and paint a bigger, more accurate picture of the bank’s digital presence, to educate senior stakeholders about the ongoing risks and vulnerabilities. This will empower them to make informed decisions on what needs to be done to keep the potential harm at bay, refine existing security processes to better defend against known threats, and plug any gap in the IT infrastructure on an ongoing basis.
- Ensuring any third-party vendors’ cybersecurity systems are also updated. There have been increasing reports on how breaches to third-party security systems have implicated businesses. Whether you are a bank, the Government, or a private enterprise, no one is immune from these security threats, and we must heighten our vigilance regarding cybersecurity. It does not matter how secure your third-party vendor tells you their systems are, as the elevated prominence of supply chain attacks has shown us that taking responsibility for your cybersecurity posture is vital rather than leaving it in your partners’ hands.
- As parties are impersonated by threat actors, implementing defense measures must go beyond protecting their systems. Banks must take proactive steps to remind their customers not to fall prey to impersonators, phishing, and scam attacks, even if these happen outside their systems.
Some things to keep in mind that can help individuals protect themselves against phishing attacks include:
- Not responding. Even prompts to reply like texting “UNSUBSCRIBE” or “STOP” can be a trick to identify active phone numbers. Attackers depend on your curiosity or anxiety over the situation, but you can choose not to engage.
- Avoid using any links or contact information in the email or message. Instead, go directly to contact channels where possible. Remember that urgent notices can be verified now on online accounts or via an official phone helpline.
- Look out for mistakes, typos, and strange characters in the text. Some threat actors really struggle with English, or some mistakes are intentionally made (such as using numbers to replace certain letters, e.g., “Bank L0an” instead of “Bank Loan”) in an attempt to bypass spam filters.
- Slow down if a message is urgent. Emails and SMS are often read on the go when one is distracted or in a hurry, leaving one’s guard down. Treat offers as caution signs of possible phishing, remain calm, and proceed carefully.
- Download an anti-malware app, such as Kaspersky Total Security, which can protect against malicious apps, as a safety net.
Read Kaspersky’s full 2021 Threat Landscape Report for Southeast Asia here: https://kasperskysea.co/premium_report.