According to one cybersecurity firm’s data, bait topics favored by cybercriminals included COVID-19, non-existent video conferences, and ‘new corporate services’

Southeast-Asia’s small- and medium-sized enterprises (SMEs) have suffered an onslaught of phishing attacks during the continuing pandemic.

One cybersecurity company’s SME customers had a total of 2,890,825 attempts blocked for them: a 20% increase compared with the 2,402,569 attempts detected in 2019.

Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems and other organizations, or can take form of an almost 100% perfect replica of a trusted website, to which victims could be lured to submit personal data.

According to Kaspersky, in terms of per country cases of phishing targeting companies with 50–250 employees, Indonesia registered the most incidents in 2020, followed by Thailand, and Vietnam. Each of them logged over half a million attempts.

Malaysian, Filipino, and Singaporean SMEs were not spared, with these nations charting a combined 795,052 attempts to visit phishing websites from January to December last year.

Phishing detections against SEA SMEs with global ranking in 2020 based on Kaspersky Anti-Phishing Technology

SMEs in all six countries in the region have also witnessed an increased phishing attempts, an expected aftermath of the segment’s urgent drive to digitalize amidst the pandemic.

Said the firm’s General Manager (South-east Asia), Yeo Siang Tiong: “While they serve as the bedrock of our regional economy, SMEs are low-hanging fruits for cybercriminals. These malicious actors are aware that owners are focused on keeping their cash flow more than their cybersecurity, at least for now. Social engineering attacks such as phishing are also the easiest way in. We expect to see this threat being used more to steal money and data from this already battered segment.”

Last year’s top 10 countries in terms of phishing attempts against SMEs were Brazil, Russia, USA, France, Italy, Mexico, Germany, Colombia, Spain, and India. On a worldwide scale, online phishers exploited the COVID-19 theme, invited victims to non-existent video conferences and insisted that their targets register with ‘new corporate services’.  

An emerging phishing trend

An important trend which businesses in SEA should take note of is the wave of phishing links and mails being shared via online networking platforms.

Kaspersky experts have observed that scammers who were spreading their chain mail via social networks and instant messaging applications began to favor the latter in 2020. Message recipients were promised a discount or prize if they opened a link sent to them. The phishing web page usually contains a tempting message about a monetary prize, award or other equally-desirable ‘surprise’.

According to Yeo: “Amidst the uncertainties, one thing I can say for sure is that, building your IT security is always less costly than suffering a cyberattack.”