Based on anonymized data voluntarily provided by Kaspersky customers, some 68.95% (7 out of 10) of phishing attempts targeted finance-related transactions in the Philippines from February to April this year — the highest percentage of phishing attempts in Southeast Asia.  

The cybersecurity company detected and blocked phishing attacks against three financial categories namely, banks, eCommerce stores, and payment systems.  

Statistics from Kaspersky Security Network (KSN) revealed that phishing attempts in the Philippines are higher than in Indonesia (65.90%), Singapore (55.67%), Thailand (55.63%), Malaysia (50.58%), and Vietnam (36.12%).

In all three finance categories during the same three-month period, Kaspersky data showed that there were one in two (58.50%) phishing attempts against payment systems in the country such as credit cards, debit cards, and mobile payment apps or e-wallets. This number is the highest among countries in SEA. 

The same data also showed that phishing attempts in local banks were the lowest in the region at only 2.17%, while phishing attempts versus e-commerce shops in the country were the second-lowest among SEA countries at 8.28%. 

IndonesiaPhilippinesSingaporeThailandMalaysiaVietnam
Banks3.51%2.17%8.09%5.25%6.69%6.19%
Payment Systems27.76%58.50%37.48%22.22%38.02%20.26%
eShops34.63%8.28%10.10%28.16%5.87%9.68%
TOTAL65.90%68.95%55.67%55.63%50.58%36.12%
Percentage of financial-related phishing attacks in Southeast Asia from February to April 2022.

The percentages are from anonymized data based on the triggering of the deterministic component in Kaspersky’s Anti-Phishing system on user computers. The component detects all pages with phishing content that the user has tried to open by following a link in an e-mail message or on the web, as long as links to these pages are present in the Kaspersky database.

“Alongside the increased adoption in digital transactions here in Southeast Asia, we also see the rise of ‘Super Apps’ in the region. These are the mobile applications that combine all popular monetary functions including e-banking, mobile wallets, online shopping, insurance, travel bookings, and even investments. Putting our data and digital money in one basket can trigger an aftermath snowball, with the impact of a phishing attack swelling at an unforeseeable rate,” according to Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

Super Apps are traditional banks and service providers’ way of standing out in a rather crowded industry. As they try to work with third parties and incorporate their services into a single mobile app, the attack surface expands, opening up more doors to a malicious exploit.

Phishing has remained to be the most effective trick on cybercriminals’ sleeves. It is a known way to crack into a user’s or even a company’s network by playing on a user’s emotions.

A possible scenario is given that one app has all the financial details of a user, a simple phishing link asking for the user’s credentials can compromise all the data available in the app. This magnifies the possible damaging effects of this threat.

“It is known that cybercriminals follow the money trail, so it is important for banks, app developers, and service providers to integrate cybersecurity from the beginning of application development. We expect hackers to target the rising Super Apps, both its infrastructure and its users through social engineering attacks. We urge all fintech companies to deploy a secure-by-design approach in their systems and to continuously provide proactive education for their users in this period where phishing attacks continue to thrive,” Yeo added

While security systems are in place in most financial companies to protect customers from falling victim to suspicious activities, it is true that prevention is better than cure; much more can be proactively done at both the individual and bank levels.

For enterprises, the most important method of protection is to keep in mind that cybersecurity should be a “living” strategy, not a static platform. This will blend technology and effort and is constantly upgraded, updated, and improved. 

Banks and service providers need to ensure a security team (or security experts) that will be able to ensure cyber defense infrastructure is updated and will be able to provide support in the event of a cyber attack.

To start, firms can invest in endpoint security solutions. Kaspersky currently offers its Endpoint Detection and Response Optimum at a 35% discount to help enterprises get started. Interested companies can visit this link to know more. 

Some more crucial steps to look into also include:

Considering a threat intelligence platform. Another key component to include would be to ensure access to the latest IT security trends/threats – that is also known as threat intelligence. Threat intelligence will give the insight to act on, and paint a bigger, more accurate picture of the bank’s digital presence, to educate senior stakeholders about the ongoing risks and vulnerabilities. This will empower them to be able to make informed decisions on what needs to be done to keep the potential harm at bay, refine existing security processes to better defend against known threats, and plug any gap in the IT infrastructure on an ongoing basis. 

Ensuring any third-party vendors’ cybersecurity systems are also updated. There have been increasing reports on how breaches to third-party security systems have implicated businesses. Whether you are a bank, the Government, or a private enterprise, no one is immune from these security threats, and it is important that we heighten our vigilance when it comes to cybersecurity. It does not matter how secure your third-party vendor tells you their systems are, as the elevated prominence of supply chain attacks has shown us that it is important to take responsibility for your own cybersecurity posture rather than leaving it in your partners’ hands.

As parties are impersonated by threat actors, the implementation of defense measures needs to go beyond protecting their systems. Banks need to take proactive measures to remind their customers against falling prey to their impersonators and their phishing and scam attacks, even if they happen outside of their systems. 

Some things to keep in mind that can help individuals protect themselves against phishing attacks include: 

Not responding. Even prompts to reply like texting “UNSUBSCRIBE” or “STOP” can be a trick to identify active phone numbers. Attackers depend on your curiosity or anxiety over the situation at hand, but you can choose not to engage. 

Avoid using any links or contact information in the email or message. Go directly to contact channels where possible. Remember that urgent notices can be verified directly on online accounts or via an official phone helpline. 

Look out for mistakes, typos, and strange characters in the text. Some threat actors really struggle with English, or some mistakes are intentionally made (such as using numbers to replace certain alphabets, eg “Bank L0an” instead of “Bank Loan”) in an attempt to bypass spam filters.

Slowing down if a message is urgent. Emails and SMS are often read on the go, when one is distracted or in a hurry, leaving one’s guard down. The approach offers as caution signs of possible phishing, remain calm, and proceed carefully. 

Download an anti-malware app, which can protect against malicious apps such as Kaspersky Total Security for a safety net.

Kaspersky’s full 2021 Threat Landscape Report for Southeast Asia is available online via this link.


ABOUT THE AUTHOR

Robert “Bob” Reyes is a technologist, an ICT Consultant and Tech Speaker, a certified Google IT Support Specialist, and an Open Source advocate representing the global non-profit Mozilla (makers of Firefox) in the Philippines. Bob is a Technology Columnist for the Manila Bulletin Publishing Corporation and an aviation subject matter expert contributor for Spot.PH.

Follow The Filipino Tech Explainer on Facebook and X/Twitter.

If you liked my articles or any of the contents or if The Filipino Tech Explainer has helped you in any way, you can buy me a coffee and share your thoughts. Help me continue producing awesome articles by supporting my website. Maraming salamat po! Thank you very much!

What’s your Reaction?
+1
0
+1
0
+1
0
+1
0
+1
0
+1
0
+1
0

Leave a Reply