As financial phishing attacks soar across Southeast Asia, cybersecurity firm Kaspersky is sounding the alarm on growing risks faced by banks in the Philippines.
Sam Yan, head of sales for Asia Emerging Countries at Kaspersky, said financial phishing is no longer just a consumer issue but a direct attack on institutional credibility and operational integrity.
“Banks must view phishing as a strategic risk. It’s not just about blocking suspicious emails anymore, it’s about building cybersecurity awareness across all levels of the organization and hardening digital infrastructure against deception,” Yan said.
“Cybercriminals are adapting fast, but so can we. Through proactive investment in cybersecurity technologies and a culture of digital vigilance, Philippine institutions can stay one step ahead,” he added.
In 2024, Kaspersky blocked over 10.7 million phishing attempts worldwide linked to financial scams involving cryptocurrency, an 83 percent jump from the previous year. In the Philippines alone, 38,370 of these attacks targeted financial institutions.
In Southeast Asia, where mobile banking and digital wallets have become part of everyday life, phishing tactics are becoming more convincing.
Scammers now use fake bank websites, SMS phishing messages, and bogus investment platforms to target users more effectively.
The Philippines faces added risk due to low public awareness and the increasing number of scam messages imitating banks and government agencies. Kaspersky notes that financial phishing commonly takes different forms, including:
- Credential harvesting, where fake sites trick users into giving up usernames and passwords.
- Social engineering, using fake messages to push users into verifying accounts or claiming refunds.
- Impersonation of government services, especially during tax filing periods or public aid rollouts.
To counter these threats, Kaspersky recommends the following:
- Keep all systems and software updated to avoid known vulnerabilities.
- Use strong passwords, restrict remote access, and never expose RDP or MSSQL ports to public networks.
- Educate staff with simulated phishing tests and training.
- Protect endpoints and networks.
For individuals:
- Use strong and unique passwords for each online account. Consider a password manager.
- Turn on two-factor authentication (2FA) wherever possible.
- Avoid downloading unknown apps or software. Only use official sources.
- Install security solutions that block phishing, spam, and fake websites in real time.


