The demand for making transactions, payment and giving lucky money online has soared these days, giving
During this month, phishing pages impersonating payment systems were the most common cases detected by Kaspersky, representing 11.77 percent of all phishing and over 44 percent of financial phishing.
The increase in online transactions in Vietnam during the pandemic has facilitated the proliferation of phishing with pages impersonating popular payment systems such as Visa, Mastercard, PayPal, and more.
The percentages are from anonymised data based on the triggering of the deterministic component in Kaspersky’s Anti-Phishing system on user computers. The component detects all pages with phishing content that the user has tried to open by following a link in an e-mail message or on the web, as long as links to these pages are present in the Kaspersky database.
As more and more users shop online, phishing attempts targeting e-shops also increase, accounting for 30 percent of financial phishing cases. Bank-related phishing, with the example below showing pages impersonating Vietcombank, one of the most common internet-banking systems in Vietnam, accounts for 6.46 percent of all phishing cases.
Notably, financial phishing is a common form of phishing in Southeast Asia, accounting for more than 40 percent of cases in most countries in this region. The Philippines is the country with the highest rate of financial phishing attacks with 64.03 percent, followed by Thailand with 56.35 percent.
Meanwhile, Vietnam has the lowest rate of financial attacks in the region with 26.36 percent, much lower than the SEA average (43.06 percent). This significant figure could be attributed to Vietnam’s effort in boosting data and financial security awareness amidst the rise of mobile banking and e-wallet adoption in the region.
“Alongside the increased adoption in digital transactions here in Southeast Asia, we also see the rise of “Super Apps” in the region. These are the mobile applications that combine all popular monetary functions including e-banking, mobile wallets, online shopping, insurance, travel bookings, and even investments. Putting our data and digital money in one basket can trigger an aftermath snowball, with the impact of a phishing attack swelling at an unforeseeable rate,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Super Apps are traditional banks and service providers’ way of standing out in a rather crowded industry. As they try to work with third parties and incorporate their services into a single mobile app, the attack surface expands, opening up more doors to malicious exploitation.
In one possible scenario, because a single app holds all of a user’s financial details, a simple phishing link asking for the user’s credentials can compromise all the data available in the app. This magnifies the possible damaging effects of this threat.
“It is known that cybercriminals follow the money trail, so it is important for banks, app developers, and service providers to integrate cybersecurity from the beginning of application development. We expect hackers to target the rising “Super Apps”, both its infrastructure and its users through social engineering attacks. We urge all fintech companies to deploy a secure-by-design approach in their systems and to continuously provide proactive education for their users in this period where phishing attacks continue to thrive,” adds Yeo.
While security systems are in place in most financial companies to protect customers from falling victim to suspicious activity, it is a truth that prevention is better than cure; much more can be proactively done at both the individual and bank level.
For enterprises, the most important method of protection is to keep in mind that cybersecurity should be a “living” strategy, not a static platform. Such a strategy blends technology and effort, and is constantly upgraded, updated, and improved.
Banks and service providers need to have a security team (or security experts) who can keep the cyber defence infrastructure updated and provide support in the event of a cyber-attack.