Nearly a million financial phishing attacks were made on small to medium enterprises (SMEs) and large companies in the Southeast Asian region in 2022, according to cybersecurity firm Kaspersky.
Kaspersky reported that its security products had blocked a total of 822,536 financial phishing attempts at companies in the region, from SMEs to big companies.
Yeo Siang Tiong, Kaspersky's general manager for Southeast Asia, noted that the financial phishing apparently targeted individuals in SMEs and large organizations who are not cybersecurity-savvy.
“It’s interesting to see companies being targeted by financial phishing but we have to remember here that businesses, at their core, are still made up of humans. Phishing is a type of social engineering attack. Social engineering attack is dubbed as hacking of the human mind,” Tiong said.
“With nine out of 10 employees needing basic cybersecurity skills training, cybercriminals know that the workforce remains a loophole they can exploit easily to launch a cyberattack against a company,” Tiong said.
Indonesia chalked up the highest number of financial phishing incidents at 208,238, followed by Vietnam with 172,694 attacks. Malaysia placed third with 120,656 recorded incidents, while Thailand logged 101,461 phishing attempts related to finances.
The Philippines ranked fifth in the region with 52,914 phishing incidents, followed by Singapore with 22,109 recorded attempts.
The cybersecurity firm said “financial phishing” refers not only to banking-specific phishing but also to phishing aimed at payment systems and e-shops. Payment system phishing includes pages impersonating well-known payment brands, such as PayPal, MasterCard, American Express, Visa and others. E-shops refer to online stores and auction sites like Amazon, the Apple Store, Steam, eBay, etc.
Phishing is one of the most prevalent forms of cybercrime due to the minimal effort required and the fact that it really works, the company said.
Kaspersky said phishing is usually built around an inherently simple scheme: using carefully crafted emails or notifications that mimic messages from banks, government organizations, entertainment platforms—really any service—cybercriminals can trick users into following a link to a fraudulent website and giving up their payment or personal details or even downloading malicious programs.
Phishing emails sent to employees are usually the first stage of 91 percent of all cyberattacks, according to a Deloitte report on cyberattacks.
It showed that workers tend not to notice pitfalls hidden in emails devoted to corporate issues and online delivery problem notifications, and almost one in five (16 percent to 18 percent) clicked the link in the email templates imitating these phishing attacks.
Other phishing emails that gained a significant number of clicks were: reservation confirmations from a booking service (11 percent); a notification about an order placement (11 percent); and an IKEA contest announcement (10 percent).