Viet Nam has the lowest rate of financial attacks in Southeast Asia, much lower than the average rate in the region, according to global cyber-security and digital privacy company Kaspersky.
According to the latest statistics from Kaspersky, more than 26.36 per cent of phishing attempts in Viet Nam last April were financial and related to banking, payment systems and e-shops. Payment systems involved the largest number detected by Kaspersky, accounting for over 11 per cent of the total.
The increase in online transactions during the COVID-19 pandemic facilitated the proliferation of phishing as pages impersonated popular payment systems such as Visa, Mastercard, PayPal, and others.
As more and more users shopped online, phishing attempts targeting e-shops also increased, accounting for 30 per cent of financial phishing cases.
Bank-related phishing accounted for 6.46 per cent of all cases.
The company said financial phishing was common in Southeast Asia, accounting for more than 40 per cent in most countries in this region. The Philippines had the highest rate, 64.03 per cent, followed by Thailand with 56.35 per cent.
The region’s average was 43 per cent.
The low rate in Viet Nam could be attributed to its efforts to boost data and financial security awareness.
“Alongside the increased adoption in digital transactions here in Southeast Asia, we also see the rise of ‘super apps’, Yeo Siang Tiong, Kaspersky general manager for Southeast Asia, said.
“These are the mobile applications that combine all popular monetary functions including e-banking, mobile wallets, online shopping, insurance, travel booking, and even investment.
“Putting our data and digital money in one basket can trigger an aftermath snowball, with the impact of a phishing attack swelling at an unforeseeable rate.”
Super apps are traditional banks and service providers’ way of standing out in a rather crowded industry as they try to work with third parties and incorporate their services into a single mobile app.
It means the attack surface expands, opening up more doors for a malicious exploit.
A possible scenario is given that one app has all the financial details of a user, a simple phishing link asking for the user’s credentials can compromise all the data available in the app. This magnifies the possible damaging effects of this threat.
“It is known that cybercriminals follow the money trail, so it is important for banks, app developers and service providers to integrate cyber-security from the beginning of application development,” Yeo said.
“We expect hackers to target the rising ‘super apps’, both infrastructure and users, through social engineering attacks.
“We urge all fintech companies to deploy a secure-by-design approach in their systems and to continuously provide proactive education to their users in this period when phishing attacks continue to thrive.”
While security systems are in place in most financial companies to protect customers from falling victim to suspicious activity, it is a truth that prevention is better than cure, and much more can be proactively done at both the individual and bank levels.
For enterprises, the most important method of protection is to keep in mind that cyber-security should be a “living” strategy, not a static platform. This will blend technology and effort, and is constantly upgraded, updated and improved.
Banks and service providers need to have a security team (or security experts) who will be able to ensure the cyber defence infrastructure is updated and will be able to provide support in the event of a cyber-attack. — VNS