Cybercriminals utilised financial phishing links to infiltrate businesses in Southeast Asia (SEA). This is according to recent data from the global cybersecurity and digital privacy company, Kaspersky.
In 2024, Kaspersky’s business security solutions successfully blocked more than half a million attempts to follow a financial phishing link on businesses’ devices in SEA.
“Financial phishing” specifically targets banking, payment systems, and online retailers. This includes fake websites designed to mimic trusted payment platforms, aiming to deceive users into revealing financial information.
“The sheer volume of financial phishing attempts we’ve detected in business devices in Southeast Asia is alarming. The region has become a hotspot for cybercriminals due to its booming digital economy, which is projected to reach $1 trillion by 2030. It is clear that cybercriminals are exploiting the region’s rapid digital adoption, and businesses must remain vigilant,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Between January and December of last year, Kaspersky intercepted and thwarted a staggering 534,759 financial phishing attacks aimed at businesses across the region, spanning small enterprises to large corporations. These figures are instances where users clicked on phishing links distributed through a variety of platforms—emails, counterfeit websites, messaging apps, social networks, and more.
The highest number of financial phishing attempts targeting business organisations was detected in Thailand (247,560), followed by Indonesia (85,908), and Malaysia (64,779). Firms in Vietnam faced this threat 59,560 times last year, while Singapore and the Philippines logged the fewest incidents, with just over 38,000 attempts each.
“The rise of AI gave way to more convincing fake websites that falling prey is easier than spotting and avoiding them. At the same time, the region’s diverse regulatory landscape and varying levels of cybersecurity maturity among businesses make it an attractive target for financially motivated attacks. Now more than ever, it’s critical for businesses here to have the right tools and the access to real-time threat intelligence that they need to stay ahead of these threats,” adds Yeo.
In order to avoid becoming a victim of phishing-based scams, Kaspersky experts advise the following for individuals:
- Only open emails and click links if you are sure you can trust the sender.
- When a sender is legitimate, but the content of the message seems strange, it is worth checking with the sender via an alternative means of communication.
- Check the spelling of a website’s URL if you suspect you are faced with a phishing page. If you are, the URL may contain mistakes that are hard to spot at first glance, such as a 1 instead of I or 0 instead of O.
- Use a proven security solution when surfing the web. Thanks to access to international threat intelligence sources, these solutions are capable of spotting and blocking spam and phishing campaigns.
For businesses:
- Run regular security awareness training for employees. This will equip them with the knowledge to resist social engineering techniques and spot cybercriminal tricks early. For example, in the case of the Booking.com e-mail scam, this can be done with the naked eye: just pay attention to the From field. A large and reputable service like Booking.com would never send notifications from a free e-mail address. Furthermore, a website mimicking the login page may be hosted on a third-party domain that’s completely unrelated to the travel platform.
- Implement protection at the e-mail gateway level. While employees might still receive pesky e-mails from scammers, phishing and malicious links along with dangerous attachments won’t ever reach their inboxes.
- Install robust security solutions with anti-phishing technology on all devices used for work.