PH biggest target of phishing in Southeast Asia—cybersecurity report

MANILA, Philippines—From February to April this year, nearly seven out of 10—or 68.95 percent—phishing attacks recorded in the Philippines targeted finance-related transactions, according to cybersecurity firm Kaspersky.

Data from Kaspersky Security Network (KSN) showed that cases of finance-related phishing attempts from February to April this year were highest in the Philippines among Southeast Asian countries.

The share of finance-related phishing attempts during the same period was 65.90 percent in Indonesia, 55.67 percent in Singapore, 55.63 percent in Thailand, 50.58 percent in Malaysia, and 36.12 percent in Vietnam.

A separate report released by Kaspersky last April showed that the Philippines was the most hit by phishing attacks last year in the region.

Around 9.9 percent of Filipinos were exposed to phishing attempts in 2021, beating Malaysia (8.49 percent), Thailand (7.93 percent), Indonesia (7.70 percent), Vietnam (7.45 percent), and Singapore (3.30 percent).

Phishing, according to the cybersecurity firm, “is a type of Internet fraud that seeks to acquire a user’s credentials by deception. It includes theft of passwords, credit card numbers, bank account details, and other confidential information.”

“Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems, and other organizations,” explained Kaspersky.

“The notification will try to encourage a recipient, for one reason or another, to urgently enter/update their personal data. Such excuses usually relate to loss of data, system breakdown, etc,” it added.

Finance-related phishing attacks

Kaspersky detected and blocked phishing attacks against three financial categories in the region last year. These categories included banks, e-commerce stores, and payment systems.

Statistics from KSN showed that, across all three categories during the same three-month period, one in two (58.50 percent) phishing attempts in the Philippines were against payment systems such as credit cards, debit cards, and mobile payment applications or e-wallets.

The number was highest among incidents recorded in other Southeast Asian countries—Malaysia (38.02 percent), Singapore (37.48 percent), Indonesia (27.76 percent), Thailand (22.22 percent), and Vietnam (20.26 percent).

The same data from the cybersecurity company showed that phishing attempts against banks in the Philippines were only 2.17 percent, the lowest among Southeast Asian countries, while phishing attempts against e-commerce shops in the country were the second-lowest in the region at 8.28 percent.

“The percentages are from anonymized data based on the triggering of the deterministic component in Kaspersky’s Anti-Phishing system on user computers,” Kaspersky said in a statement.

“The component detects all pages with phishing content that the user has tried to open by following a link in an e-mail message or on the web, as long as links to these pages are present in the Kaspersky database,” the firm added.

Earlier this year, six teachers from Metro Manila, Calabarzon (Cavite, Laguna, Batangas, Rizal, Quezon), Central Luzon, Negros, and Mindoro reportedly lost at least P26,000 to P121,000 each through unauthorized withdrawals from their payroll accounts in the Land Bank of the Philippines (LBP).

On the other hand, LBP denied any hacking incident in its systems and said that the teachers’ accounts were illegally accessed through phishing.

In December last year, nearly 700 BDO Unibank accounts were hit by fraudulent transactions.

According to social media posts of some victims, they discovered that unauthorized fund transfers were made using their accounts to move money to a UnionBank of the Philippines (UBP) account of a certain “Mark Nagoyo.”

BDO announced that clients who lost money to the fraudulent activity would be reimbursed. The bank management has also assured clients that it has already implemented additional security measures to prevent further fraudulent transactions and to protect bank credentials.

Dangers of ‘Super Apps’

Siang Tiong Yeo, general manager for Southeast Asia at Kaspersky, also warned about the rise of “Super Apps” in Southeast Asia amid the rising use of digital transactions in the region.

“Alongside the increased adoption in digital transactions here in Southeast Asia, we also see the rise of ‘Super Apps’ in the region. These are the mobile applications that combine all popular monetary functions including e-banking, mobile wallets, online shopping, insurance, travel bookings, and even investments,” Yeo explained.

“Putting our data and digital money in one basket can trigger an aftermath snowball, with the impact of a phishing attack swelling at an unforeseeable rate,” he added.

Super Apps, according to Kaspersky, are a way for traditional banks and service providers to stand out in a crowded or competitive industry.

The cybersecurity firm, however, noted that as traditional banks and service providers work with third parties and incorporate their services into a single mobile app, the attack surface expands, opening up more doors to a malicious exploit.

Kaspersky said that a simple phishing link asking for the Super App user’s credentials could compromise all data available in the app.

“It is known that cybercriminals follow the money trail, so it is important for banks, app developers, and service providers to integrate cybersecurity from the beginning of application development. We expect hackers to target the rising Super Apps, both its infrastructure and its users through social engineering attacks,” said Yeo.

“We urge all fintech companies to deploy a secure-by-design approach in their systems and to continuously provide proactive education for their users in this period where phishing attacks continue to thrive.”

Protection and prevention

To prevent being a victim of phishing attacks—especially amid the rise of Super Apps, mobile banking, and online payments during the pandemic—Kaspersky has recommended individuals protect themselves through:

In a separate report, the cybersecurity firm has also recommended digital payment providers adopt the following measures:

TSB/abc
