Phl remains top target for hackers
The Philippines remains an easy target for hackers as it ranked the highest in terms of attracting phishing attempts in Southeast Asia.
A report released by cybersecurity company Kaspersky revealed that 10 or 68.95 percent phishing attempts targeted finance-related transactions in the Philippines from February to April this year, based on anonymized data voluntarily provided by Kaspersky customers.
The cybersecurity company detected and blocked phishing attacks against three financial categories namely, banks, e-commerce stores and payment systems.
Statistics from Kaspersky Security Network (KSN) revealed that phishing attempts in the Philippines is higher than in Indonesia (65.90percent), Singapore (55.67 percent), Thailand (55.63 percent), Malaysia (50.58 percent) and Vietnam (36.12 percent).
In all three finance categories during the same threemonth period, Kaspersky data showed that there were one in two (58.50 percent) phishing attempts against payment systems in the country such as credit cards, debit cards, and mobile payment apps or e-wallets. This number is the highest among countries in SEA.
On the other hand, the same data also showed that phishing attempts in local banks was the lowest in the region at only 2.17 percent, while phishing attempts versus e-commerce shops in the country was the second lowest among SEA countries at 8.28 percent.
The percentages are from anonymized data based on the triggering of the deterministic component in Kaspersky’s Anti-Phishing system on user computers. The component detects all pages with phishing content that the user has tried to open by following a link in an e-mail message or on the web, as long as links to these pages are present in the Kaspersky database.
“Alongside the increased adoption in digital transactions here in Southeast Asia, we also see the rise of ‘Super Apps’ in the region. These are the mobile applications that combine all popular monetary functions including e-banking, mobile wallets, online shopping, insurance, travel bookings, and even investments. Putting our data and digital money in one basket can trigger an aftermath snowball, with the impact of a phishing attack swelling at an unforeseeable rate,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Super Apps are traditional banks and service providers’ way of standing out in a rather crowded industry. As they try to work with third parties and incorporate their services into a single mobile app, the attack surface expands, opening up more doors to a malicious exploit, he explained.
Phishing has remained to be the most effective trick on cybercriminals’ sleeves. It is a known way to crack into a user’s or even a company’s network by playing on a user’s emotions.
A possible scenario is given that one app has all the financial details of a user, a simple phishing link asking for the user’s credentials can compromise all the data available in the app. This magnifies the possible damaging effects of this threat.
“It is known that cybercriminals follow the money trail, so it is important for banks, app developers, and service providers to integrate cybersecurity from the beginning of application development. We expect hackers to target the rising Super Apps, both its infrastructure and its users through social engineering attacks. We urge all fintech companies to deploy a secure-by-design approach in their systems and to continuously provide proactive education for their users in this period where phishing attacks continue to thrive,” added Yeo.
While security systems are in place in most financial companies to protect customers from falling victim to suspicious activities, it is true that prevention is better than cure; much more can be proactively done at both the individual and bank level.
For enterprises, the most important method of protection is to keep in mind that cybersecurity should be a “living” strategy, not a static platform. This will blend technology and effort, and is constantly upgraded, updated and improved.
Banks and service providers need to ensure a security team (or security experts) that will be able to ensure cyber defense infrastructure is updated, and will be able to provide support in the event of a cyber attack.