Phishing is on the rise: more than 1.6 million attempts to transfer users to phishing pages via links within emails were blocked from January to June, showing that small and medium businesses need cybersecurity improvements in the context of continued remote working.
The second quarter of every year has often seen phishers relaxing, given that the months of April to June are usually a vacation period across the globe. However, triggered by the still-ongoing pandemic, this year’s second quarter proved to be productive for malicious actors online.
According to Kaspersky’s latest statistics, cybercriminals targeting small and medium businesses (SMBs) in Southeast Asia (SEA) spent those months proactively seeding phishing emails. The global cybersecurity company’s anti-phishing software applications prevented 1,602,523 phishing attempts against companies with 50-250 employees, a 39% increase compared with the same period last year.
Data showed that, in the first half of this year, Kaspersky foiled the most phishing attempts in the region against SMBs in Indonesia, Malaysia, and Vietnam. Singapore recorded the fewest phishing emails in the region, but still witnessed an increase of 60.5% compared with the same period last year.
On a worldwide scale, Brazil was the country with the most phishing emails prevented by Kaspersky in the second quarter of 2020, ahead of Russia, France, Colombia, and the United States of America.
“According to our telemetry, phishing attempts remained a rising threat to SMBs in the region from the first quarter until the second quarter of the year,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. “This can be triggered by the fact that most of the lockdown measures across Southeast Asia were implemented by the end of March, which then welcomed the second quarter with millions of first-time remote workers.”
Globally, top phishing topics include campaigns using the coronavirus as bait, such as mask selling scams, donation requests for coronavirus vaccine research funding, scams exploiting coronavirus fears, pandemic-related bonuses, and “compensations.” Other themes being exploited include employee performance appraisals, important messages from HR or admin, urgent password check requests, urgent press release notices, and email back-up notices, among others.
“Cybercriminals are making use of the current chaos to commit social engineering attacks such as phishing emails. By including hot topics and phrases related to the COVID-19 pandemic in their messages, the chances of an unsuspected user clicking infected links or malicious attachments increase tremendously. Threats are also harder to track over personal home networks. Add in the reality that we are all strained mentally which makes us more vulnerable to committing mistakes, it is essential for SMBs to acknowledge that working from home increases cybersecurity risks and take the necessary steps to protect the data and the cash flow that they still have,” Yeo said.
To help SMBs train their employees, Kaspersky is offering a three-month free Automated Security Awareness Training which aims to help small and medium enterprises kick-start their company’s cybersecurity culture. This program is available until the end of September 2020 and works with up to 500 users. Interested business owners can find out more about this by visiting this link.
The global cybersecurity company also acknowledges the challenges faced by the SMB segment and is therefore offering a "buy a 1-year license, get a 1-year license for free" promotion for its unparalleled endpoint solutions, which include:
- Kaspersky Endpoint Security for Business
- Kaspersky Endpoint Security for Cloud and Cloud Plus
- Kaspersky Security for Microsoft Office 365
- Kaspersky Hybrid Cloud Security
More information about this regional promotion can be found here.
Kaspersky experts also suggest the following tips for SMBs and employees to avoid being lured by cybercriminals through phishing:
- Teach employees about the basics of cybersecurity. For example, not opening or storing files from unknown emails or websites, as they could be harmful to the whole company, and not using any personal details in their passwords. To ensure passwords are strong, staff shouldn’t use their name, birthday, street address, or other personal information.
- Regularly remind staff of how to deal with sensitive data: for example, it should only be stored in trusted cloud services that require authentication for access, and it should not be shared with untrusted third parties.
- Enforce the use of legitimate software, downloaded from official sources.
- Create backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that could cause a breach.
- Configure Wi-Fi encryption. It is imperative to configure your network connection correctly and to change your router’s log-in and password regularly.
- Use a VPN if connecting to Wi-Fi networks that don’t belong to you. When you’re connected through a VPN, all of your data will be encrypted regardless of the network settings, and outsiders will not be able to read it.
- Use corporate services for e-mail, messaging, and all other work. Stick to corporate resources when exchanging documents and other information. Cloud drives configured for business are generally far more reliable than the free user versions.
- Protect devices with an antivirus solution. It is vital that you install a reliable security solution on all devices that handle corporate data.