The Philippines is among the top 5 countries in Southeast Asia (SEA) with the highest number of financial phishing incidents, based on Kaspersky data. The cybersecurity company saw 52,914 attacks against businesses in the country.
According to Kaspersky, Indonesia has the highest number of financial phishing incidents (208,238). Vietnam comes in second with 172,694, Malaysia recorded 120,656, Thailand logged 101,461, followed by the Philippines.
Financial phishing targets not only banks but also payment systems.
“Phishing is a type of social engineering attack, which is dubbed as the hacking of the human mind,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. “With 9 out of 10 employees needing basic cybersecurity skills training, cybercriminals know that the workforce remains a loophole they can exploit easily to launch a cyberattack against a company.”
Phishing perpetrators usually attack through carefully crafted emails or notifications imitating banks and other organizations. Unsuspecting employees can download malware either through email attachments or through links to fraudulent websites.
Different phishing attacks
Based on Kaspersky’s data, phishing emails that gained a significant number of clicks include reservation confirmations from a booking service (11%), a notification about an order placement (11%), and an IKEA contest announcement (10%).
To prevent complex attacks and the financial and reputational losses that phishing can cause, Kaspersky recommends the following for businesses:
- Remind your employees about the basic signs of phishing emails: a dramatic subject line, mistakes and typos, inconsistent sender addresses and suspicious links;
- If there is any doubt about the received email, check the format of the attachments before opening them and the link accuracy before clicking. This can be achieved by hovering over these elements, making sure the address looks authentic and the attached files are not in an executable format;
- Always report phishing attacks. If you spot a phishing attack, report it to your IT security department and, if possible, avoid opening the malicious email. This will allow your cybersecurity team to reconfigure anti-spam policies and prevent an incident;
- Supply your employees with basic cybersecurity knowledge. Education should be aimed at changing the behavior of learners and teaching them how to deal with threats. As a major cybersecurity vendor, Kaspersky possesses a relevant base of information on real attacks and continuously supplements its Security Awareness Trainings in accordance with the current threat landscape.
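The mechanical checks in the recommendations above (inconsistent sender addresses, a link whose visible text differs from the address it opens, an attachment in an executable format) can also be run automatically on an email that an employee reports. The Python below is an added example, not Kaspersky code; treating a From/Reply-To domain difference as "inconsistent sender", the extension list, and the constructed `.example` sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

EXECUTABLE_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".msi", ".ps1")  # assumed list

class LinkCollector(HTMLParser):  # gathers (href, visible text): what hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(value):  # hostname of a URL or bare domain, lower-cased, without "www."
    return (urlparse(value if "//" in value else "//" + value).hostname or "").lower().removeprefix("www.")

def triage(raw):  # returns a list of findings for one raw RFC 5322 message
    msg, found = message_from_string(raw, policy=policy.default), []
    sender, reply = (parseaddr(str(msg.get(h, "")))[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    if reply and reply != sender:
        found.append(f"sender mismatch: From {sender}, Reply-To {reply}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXT):  # also catches double extensions such as .pdf.exe
            found.append(f"executable attachment: {name}")
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                shown = re.search(r"(?:[\w-]+\.)+[a-z]{2,}", text, re.I)
                if shown and host(shown.group()) != host(href):
                    found.append(f"link shows {shown.group()} but opens {host(href)}")
    return found

SAMPLE = EmailMessage()  # constructed message; every name in it is a placeholder
SAMPLE["From"], SAMPLE["Reply-To"] = "Booking <noreply@booking.example>", "billing@acct-verify.example"
SAMPLE.set_content('<a href="http://acct-verify.example/c">www.booking.example</a>', subtype="html")
SAMPLE.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="voucher.pdf.exe")
```

Calling `triage(SAMPLE.as_string())` returns one finding per sign. The host comparison is exact, so a link shown as a domain that opens a subdomain of it is also reported and may need an allowance in your mail flow.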
Since phishing attempts can be confusing and there is no guarantee of avoiding every accidental click, protect your work devices and your enterprise perimeter with a holistic security solution such as the Kaspersky Extended Detection and Response (XDR) platform. It provides anti-spam capabilities, tracks suspicious behavior, and creates a backup copy of your files in case of ransomware attacks. Anti-phishing protection is also included, as well as threat hunting.