By Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky
The recent multi-million incident involving a top digital wallet provider in the Philippines shows two things: (1) that cybercriminals continue to target fintech institutions and (2) that securing these convenient technologies is really a shared responsibility.
A recent report shared phishing attacks were deployed to sneak into the e-wallet accounts of the victims to conduct malicious transfers. Phishing remains one of the most prevalent and damaging threats in the cybersecurity landscape, primarily because it works.
Last year, our solutions blocked 822,536 financial phishing targeting businesses in Southeast Asia (SEA), of which nearly 52,914 financial phishing incidents are targeting users in the Philippines.
Clearly, we have seen in this unfortunate incident that the effect of a successful phishing attack can result in identity theft, financial loss, and reputational damage for both individual consumers and businesses.
The good thing is that our study showed Filipino respondents are aware of the phishing dangers in digital payments, and that 48% who were surveyed believed that antivirus software is required to protect their money and data online.
However, when asked if they have installed an antivirus and/or any other security solutions in the devices they use for online financial transactions, only half (25%) said yes.
This data is alarming because, in spite of Filipino respondents’ knowledge of such online threats, the action to install a safety net against this is still lacking.
It’s crucial for everyone to understand that everyone has a role to play in cybersecurity.
Users like you and I should acknowledge the fact that we are vulnerable. Cybercriminals always find ways to be creative and believable. To enjoy the perks of these technologies, we need to also exercise due diligence. We need to arm ourselves with knowledge about phishing attacks and practice good cyber hygiene, But most importantly, we need security solutions to serve as a safety net for our digital assets and our devices.
We also continue to urge fintech companies to:
- To prevent more implications of a phishing attack, like data breaches, we suggest deploying a comprehensive defensive concept that equips, informs and guides your team in their fight against the most sophisticated and targeted cyberattacks like the Kaspersky Extended Detection and Response (XDR) platform.
- Remind your employees about the basic signs of phishing emails. A dramatic subject line, mistakes and typos, inconsistent sender addresses, and suspicious links.
- Always report phishing attacks. If you spot a phishing attack, report it to your IT security department and, if possible, avoid opening the malicious email. This will allow your cybersecurity team to reconfigure anti-spam policies and prevent an incident.
- Supply your employees with basic cybersecurity knowledge. Education should be aimed at changing the behavior of learners and teaching them how to deal with threats.
- Since phishing attempts can be confusing, and there’s no guarantee of avoiding all accident clicks, protect your working devices and your enterprise perimeters with a holistic cybersecurity expert.