Cybersecurity company Kaspersky reported that it has blocked a total of 822,536 financial phishing attacks targeted at companies in Southeast Asia (SEA) in 2022.
The company further said that, from SMEs to large enterprises, financial phishers kept trying to infect businesses in the region last year.
Phishing is usually built around an inherently simple scheme: using carefully crafted emails or notifications that mimic messages from banks, government organizations, entertainment platforms – really any service – cybercriminals can trick users into following a link to a fraudulent website and giving up their payment or personal details, or even downloading malicious programs, the company said.
In this case, “financial phishing” refers not only to banking-specific phishing but also to phishing that involves payment systems and e-shops. Payment system phishing includes pages impersonating well-known payment brands, such as PayPal, MasterCard, American Express, Visa and others. E-shops refer to online stores and auction sites like Amazon, the Apple Store, Steam, eBay, etc.
Indonesia chalked up the highest number of financial phishing incidents (208,238). Vietnam came a close second with 172,694, and Malaysia recorded 120,656. Thailand logged 101,461 phishing attempts related to finances, followed by the Philippines with 52,914, and Singapore with 22,109.
“It’s interesting to see companies being targeted by financial phishing, but we have to remember here that businesses, at their core, are still made up of humans. Phishing is a type of social engineering attack. A social engineering attack is dubbed as hacking of the human mind. With nine out of ten employees needing basic cybersecurity skills training, cybercriminals know that the workforce remains a loophole they can exploit easily to launch a cyberattack against a company,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
As reported, a phishing email is usually the first chapter of 91% of all cyberattacks. A phishing simulation done by Kaspersky reinforced how cybercriminals trick employees into clicking malicious emails.
It showed that workers tend not to notice pitfalls hidden in emails devoted to corporate issues and online delivery problem notifications, and almost one in five (16% to 18%) clicked the link in the email templates imitating these phishing attacks.
Among the other phishing emails that gained a significant number of clicks are reservation confirmations from a booking service (11%), a notification about an order placement (11%), and an IKEA contest announcement (10%).