Phishing detections against small businesses in Southeast Asia in 2020 detected by Kaspersky anti-phishing technology. — Photo courtesy of Kaspersky
Cybercriminals actively attacked small and medium businesses in Southeast Asia last year, with the top topics they exploited being COVID-19, non-existent video conferences and new corporate services, according to global cybersecurity company Kaspersky.
It said its anti-phishing technology blocked a total of 2.89 million attempts aimed at SMBs, a 20 per cent increase from 2019.
Phishing is a form of cybercrime based on social engineering techniques that involves stealing confidential data from a person’s computer and subsequently using the data for other purposes ranging from stealing money to selling it.
Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems, and other organisations, but can also be an almost 100 per cent perfect replica of a trusted website to which a victim is lured through phishing messages.
Indonesia registered the most incidents followed by Thailand and Viet Nam with over half a million attempts each. Malaysian, Filipino, and Singaporean SMBs were not spared, with these nations suffering a combined 795,000 attempts.
Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, said: “While they serve as the bedrock of our regional economy, SMBs are low-hanging fruits for cybercriminals. These malicious actors are aware that owners are focused on keeping their cash flow more than their cybersecurity, at least for now.
“Social engineering attacks such as phishing is also the easiest way in. Combining our current stressed minds with the right buzzwords like COVID-19, and now the vaccines, we expect to see this threat being used more to steal money and data from this already battered segment.”
Globally, online phishers exploited the COVID-19 theme, invited victims to non-existent video conferences and insisted that their targets register for “new corporate services.”
Given that the fight against the pandemic is not over yet, Kaspersky expects the main trends of 2020 to stay relevant in the near future.
An important trend that businesses in SEA, a region famous for being highly active on social media, should note is that phishing links and mails are being shared via online networking platforms, the company said.
Kaspersky experts observed that scammers who were spreading their chain mail via social networks and instant messaging applications began to favour the latter in 2020.
Message recipients were promised a discount or prize if they opened a link sent to them.
“It is true that governments and financial organisations are combining efforts to offer lifeboats for SMBs via grants and offers, but we have to accept that cybercriminals will spare no one,” Yeo said.
“Amidst the uncertainties, one thing I can say for sure is that building your IT security is always less costly than suffering a cyberattack.” — VNS