Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
AI agent executes end-to-end ransomware attack via development platfor...
ICAC Commissioner attends first IAACA European regional anti-corruptio...
Research: Asian enterprises advancing AI without resilience strategies...
Penta Security Sets the Benchmark for Web Application Security, Earnin...
India bank domain registry exposed sensitive data in security lapse: e...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

NewsTips

With AI powering seasonal e-shopping fraud and scams, what can CISOs do?

By L L Seow | Friday, February 13, 2026, 2:54 PM Asia/Singapore

With AI powering seasonal e-shopping fraud and scams, what can CISOs do?

As fraudsters and malicious groups target this year’s numerous upcoming e-commerce holidays, security leaders will need updated strategies to stay ahead.

Across the Asia Pacific region (APAC), from Tokyo to Sydney and Mumbai to Seoul, online retail continues to surge — and so does the criminal innovation that follows it.

The convergence of seasonal festivals such as new year celebrations, Valentine’s day, major public holidays and e-commerce sales campaigns throughout the year is just prime hunting ground for cybercriminals.

From the Philippines to India and Singapore to Australia, threat intelligence firms and law enforcement agencies are warning that 2025 marked a turning point: attackers are no longer opportunistic, but industrialized, automated, and regionally coordinated.

According to Jess Ng, Fortinet’s country head for Singapore and Brunei, post-2025 cyberattacks and scams “are increasingly powered AI. Cybercriminals now use AI-generated phishing messages, automated credential stuffing tools, and website cloning services to create scams that appear highly convincing and personalized. Combined with the exploitation of known vulnerabilities in popular e-commerce platforms, these techniques allow attackers to move quickly and at scale, sometimes even before victims realize something is wrong.”

How attackers are scaling across APAC

In the weeks leading up to peak shopping periods, threat actors register thousands of domains that mimic legitimate retailers, payment services, and logistics providers. These are then used for phishing, fake stores, and gift‑card fraud, often supported by underground marketplaces that sell stolen credentials and compromised accounts at “Black Friday–style” discounts.

According to Kaspersky’s regional managing director Adrian Hia, “the holiday season creates a high‑risk environment for online scams. In the Philippines include phishing emails and text messages… fake online stores and promo pages offering unrealistically low prices… and fraudulent payment requests sent through messaging apps… and account takeover attempts.”

In Japan, authorities and cybersecurity firms are flagging the holiday period as a high‑risk window for ransomware and disruption of critical infrastructure, including logistics and manufacturing.

A Japan Times report had reported that “55% of ransomware attacks in APAC occurred on a weekend or holiday, while 60% followed a significant business event such as a merger,” underscoring how attackers time their operations to coincide with staffing gaps and heightened distraction.

In Singapore, police have repeatedly warned that parcel‑delivery‑themed phishing scams spike during the festive shopping season. In an advisory published by Channel NewsAsia, the Singapore Police Force said at least 360 people had fallen victim to such scams in the first 11 months of the year, with losses exceeding S$560,000.

In a recent comment, analysts from Veriff, had noted: “From account takeovers and refund abuse to increasingly sophisticated authorized fraud powered by AI and deepfakes, online merchants and marketplaces are facing threats that traditional controls can no longer stop. To protect revenue, customers, and brand trust, leading ecommerce organizations are shifting toward a layered, identity‑first approach, combining AI‑driven identity verification, biometrics, and ongoing authentication throughout the user journey.”

Tackling the AI-powered cyber scam surge

For C‑level executives across the region, the message is clear: holiday‑season cyber risk is no longer a “consumer problem” but a strategic resilience issue.

Fortinet and other analysts are stressing that organizations must assume attackers are planning months in advance and are ready to exploit staffing gaps, known vulnerabilities, and peak‑traffic periods. According to Ng: “For businesses, complacency is no longer an option. Proactive security measures such as keeping e-commerce platforms and plugins fully updated, securing administrative access, monitoring for lookalike domains, and deploying fraud and bot-detection tools are essential during high-traffic periods. Equally important is consumer education. Businesses that actively inform customers about common scams and safe shopping practices help strengthen trust and reduce downstream fraud.”

Other industry recommendations for keeping e-commerce a smooth, safe experience in 2026 include:

  • Strengthening visibility into account‑takeover and credential‑stuffing activity
    • Deploy AI driven bot management and credential phishing detection that flag suspicious login patterns, brute force attempts, and anomalous transaction behaviour in real time
    • Layer device fingerprinting and behavioral analytics to detect repeat offender devices, mismatched locations, and sudden changes in spending or session patterns
  • Monitoring for look‑alike domains and fraudulent ads
    • Use threat intelligence driven domain monitoring and DNS /web filtering to block fake shopping domains, phishing pages, and brand impersonation campaigns before they reach customers
    • Integrate brand protection and ad fraud monitoring tools that scan for counterfeit landing pages, spoofed social media ads, and fake marketplaces mimicking brands
  • Ensuring 24/7 monitoring and incident‑response coverage during shutdown periods
    • Maintain continuous SOC-style coverage across peak season and holiday windows, including automated alerting and playbooks for account takeover spikes, payment fraud surges, and ransomware driven disruption
    • Implement automated fraud detection and takedown workflows so suspicious transactions, fake listings, and fraudulent accounts can be quarantined or blocked without waiting for manual review
  • Embedding cyber‑awareness into customer‑communication channels (e.g., in‑app warnings, SMS‑based scam alerts)
    • Require multi-factor authentication for admin, merchant, and high privilege accounts, and enforce strong password policies and role based access to e commerce platforms and payment systems
    • Apply risk based authentication so that step-up verification (e.g., biometrics, OTP) is triggered for high value transactions, new devices, or unusual geolocation patterns
  • Hardening e‑commerce platforms and third‑party integrations
    • Keep all platforms, plugins, and third‑party widgets up to date, and remove unused components that can be exploited via known vulnerabilities
    • Enforce HTTPS‑only, secure cookies, and strict‑CSP policies on checkout and admin flows to reduce the impact of injection and session‑hijacking attacks
  • Adopting a layered, identity‑first fraud‑prevention stack
    • Combine identity verification, device intelligence, transaction‑risk scoring, and behavioral analytics into a single, continuously learning system that adapts as fraud tactics evolve
    • Use adaptive rules and human‑in‑the‑loop review to balance fraud‑detection precision with low false‑positive rates that protect conversion and CX
  • Building resilience around payment and refund‑fraud vectors
    • Monitor for authorized‑fraud patterns (e.g., multiple declined transactions followed by one large approval, high‑risk shipping‑address changes, mismatched billing/shipping regions)
    • Implement refund‑abuse controls, including stricter review for high‑value or repeat‑refund requests and tighter linkage between identity, device, and transaction history.
  • Conducting rapid risk assessments and pilot controls
    • Run quick, targeted risk‑assessments of checkout flows, seller‑onboarding, and dispute‑resolution processes to identify where most losses and false positives occur
    • Pilot new controls (e.g., identity‑verification layers, bot‑management rules) on a subset of traffic before rolling out globally, measuring impact on fraud, chargebacks, and conversion.
  • Designing for “prevention over remediation” and trust‑at‑scale
    • Treat fraud‑prevention as a revenue‑protection and trust‑building lever, not just a compliance or security cost, by stopping fraud before fulfillment and protecting customer data
    • Align brand‑protection, fraud‑prevention, and security teams so they share threat‑intelligence feeds, domain‑monitoring alerts, and scam‑takedown playbooks across regions
  • With region-wide concerted efforts by all stakeholders, festive e-shopping seasons this year will not be treated just as commercial peaks, but as critical periods for cybersecurity vigilance.

Share:

PreviousDigital gold for predators on Valentine’s Day
NextDefense industrial bases face evolving cyber threats in 2026: analysis

Related Posts

Can AI be both the toxin and the antidote in 2024?

Can AI be both the toxin and the antidote in 2024?

Wednesday, December 20, 2023

Will a US$1.6bn lesson in crypto security failure attract even larger heists in 2025?

Will a US$1.6bn lesson in crypto security failure attract even larger heists in 2025?

Wednesday, February 26, 2025

How did trust levels in digital services fare worldwide in 2024?  

How did trust levels in digital services fare worldwide in 2024?  

Wednesday, April 2, 2025

Has shifting to a remote-force also meant more IT outsourcing?

Has shifting to a remote-force also meant more IT outsourcing?

Monday, February 1, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Penta Security Sets the Benchmark for Web Application Security, Earning Frost & Sullivan’s 2026 South Korea Company of the Year Recognition

    Thursday, July 2, 2026
    By combining intelligent threat detection, …Read More »
  • SK shieldus Receives Frost & Sullivan’s 2026 APAC Customer Value Leadership Recognition for Excellence in Cybersecurity Services

    Monday, June 29, 2026
    The company is recognized for …Read More »
  • Global Tech Shift: Tune Talk Launches World’s First Network-Enforced Child Safety Mobile Plan, Bypassing App-Level Limitations

    Saturday, June 27, 2026
    PETALING JAYA, Malaysia, June 26, …Read More »
  • DJI Enterprise Advances Industry with New Framework for Dock as First Responder (DFR) Deployments

    Thursday, June 25, 2026
    New White Paper Outlines Best …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.