Small and medium businesses in Indonesia, Malaysia, Viet Nam among top targets of phishing in Southeast Asia. — Photo courtesy of Kaspersky
Phishing is on the rise with more than 1.6 million attempts to transfer users to phishing pages via links within e-mails blocked by its software in the first six months of the year, global cybersecurity company Kaspersky reported.
Cybercriminals targeting small and medium businesses (SMBs) proactively seeded phishing emails, it said.
The 1.6 million phishing attempts against companies with 50-250 employees represented a 39 per cent increase year-on-year.
The largest numbers were foiled in Indonesia, Malaysia and Viet Nam. Singapore had the fewest phishing emails but witnessed a 60.5 per cent increase.
Yeo Siang Tiong, the Russian company’s general manager for Southeast Asia, said: “Most of the lockdown measures across Southeast Asia were implemented by the end of March, which then welcomed the second quarter with millions of first-time remote workers.
“Cybercriminals are making use of the current chaos to commit social engineering attacks such as phishing emails.
“By including hot topics and phrases related to the COVID-19 pandemic in their messages, the chances of an unsuspected user clicking infected links or malicious attachments increase tremendously.
“Threats are also harder to track over personal home networks. Add in the reality that we are all strained mentally which makes us more vulnerable to committing mistakes, it is essential for SMBs to acknowledge that working from home increases cybersecurity risks and take the necessary steps to protect data and cash flow.”
To help SMBs train their employees and kick-start a cybersecurity culture, Kaspersky is offering a three-month free automated security awareness training programme until the end of September, which works with up to 500 users.
Besides, Kaspersky experts suggested that SMBs should teach employees the basics of cybersecurity, regularly remind them about how to deal with sensitive data, enforce the use of legitimate software and download from official sources, back up essential data, regularly update IT equipment and applications, configure Wi-Fi encryption, use a VPN if connecting to Wi-Fi networks that do not belong to them, use corporate services for e-mails, messaging and all other work, and protect devices with anti-virus solutions. — VNS