Indonesian users of one cybersecurity firm’s solutions were the most attacked in South-east Asia last year

In 2022, data from one cybersecurity firm’s user base showed 822,536 incidents of financial phishing attempts targeted at customers in South-east Asia (SEA).

In this case, “financial phishing” refers not only to banking-specific phishing but attempts targeting payment systems (PayPal, MasterCard, American Express, Visa and others) and e-commerce sites such as Amazon, Apple Store, Steam, and eBay.

The firm’s customers from Indonesia chalked up the highest number of financial phishing incidents (208,238), with those from Vietnam coming-in second close with 172,694. Malaysia customers recorded 120,656 financial phishing attacks. Thailand logged 101,461, followed by the Philippines with 52,914, and Singapore with 22,109.

Among the other phishing emails that gained a significant number of clicks were:

    • Fake emails regarding reservation confirmations from a booking service (11%)
    • Fake notifications about an order placement (11%)
    • A fake announcement about an IKEA contest (10%)

In almost all attacks, a phishing email was usually the first step in tricking victims into opening malicious mails and activating and responding to malicious links and prompts.

According to Yeo Siang Tiong, General Manager (South-east Asia), Kaspersky, the firm announcing its 2022 findings on phishing trends: “It’s interesting to see companies being targeted by financial phishing but we have to remember here that businesses, at their core, are still made up of humans. Cybercriminals know that the workforce remains a loophole they can exploit easily to launch a cyberattack against a company.”

Organizations are reminded to conduct phishing drills and training to acquaint all employees with the skills and alertness needed to spot suspicious emails, attachments and social media content. Education should be aimed at changing the behavior of learners and teaching them how to deal with threats. When all human vigilance fails, networks with Extended Detection and Response (XDR) incorporated can kick in to intercept attacks or prompt employees of potential danger.