CEBU, Philippines — The Philippines ranked fifth among countries in Southeast Asia with the most phishing attacks in 2022 with delivery service sites as top targets.
Based on the list released by the cybersecurity and digital privacy company, Kaspersky, the Philippines recorded 4,559,288 phishing incidents in 2022, alongside Vietnam (17,847,857), Malaysia (8,267,013), Thailand (6,283,745) and Indonesia (4,931,367).
In 2022, global phishing attacks frequently targeted users of delivery services, making up 27.38 percent of all attempts blocked by Kaspersky solutions. Scammers use emails under the guise of well-known delivery companies claiming issues with shipments. Each email will have a link to a fake website asking for personal information or financial details. Should a victim fall for the scam, their identity and banking data could end up being sold to websites on the dark web and they could lose it for good.
Online stores (15.56 percent), which were popular with attackers during the pandemic, were the second most targeted phishing attacks while payment systems (10.39 percent) and banks (10.39 percent) both tied for third place.
The rating of organizations targeted by phishers is based on the triggering of the deterministic component in the Anti-Phishing system on user computers. The component detects all pages with phishing content that the user has tried to open by following a link in an email message or on the web, as long as links to these pages are present in the Kaspersky database.
In 2022, a total of 43,445,502 phishing attempts that targeted the devices of Kaspersky’s individual and enterprise users in the region were prevented by Kaspersky's Anti-Phishing system to follow phishing links.
A recent report from one of Southeast Asia’s super app that provides deliveries and mobility services in the Philippines revealed that seven in 10 consumers say that delivery is now a permanent part of life.
The convenience and immediacy of this service are the top reasons for consumers.
According to the same report, delivery platforms in the Philippines have even turned into search engines for food and merchant discoveries among users.
The food delivery platform’s gross merchandise value in Southeast Asia was noted to have reached a five percent year-on-year increase or an equivalent of US$16.3 billion, primarily driven by a few small markets in the region including the Philippines.
“When it comes to scamming people online, phishing remains to be the tried and tested modus operandi of cybercriminals due to its cost-effectiveness and profitability. A malicious mail with a phishing link that leads to a phishing page lays the foundation for an attack that will eventually result in identity theft, financial loss, and damage to the reputation of both individuals and businesses. Protecting corporate and personal data is an urgent necessity for everyone in the Philippines and in the region,” said Adrian Hia, Managing Director for Asia Pacific at Kaspersky.
In Kaspersky’s previous studies, the average cost of a data breach for small and medium businesses (SMBs) from 2017-2021 is $104,400 (or P5.8 million in today’s forex). The highest recorded financial impact was $120,000 in 2018 which went down to $108,000 and $101,000 in 2019 and 2020, respectively, during the pandemic. It has gone up slightly to $105,000 in 2021.
Recent data from the Cybercrime Investigation and Coordinating Center (CICC) revealed at least 73 percent of consumer data from micro, in the country are lost to cybercriminals.
“Recently, we’ve seen an increase in targeted phishing attacks where scammers don’t immediately move on to the phishing attack itself, but only after several introductory emails where there is active correspondence with the victim. Our experts predict that this trend is likely to continue. New tricks are also likely to emerge in the corporate sector in 2023, with attacks generating significant profits for attackers,” added Hia.
In order to avoid being victimized, Kaspersky recommended precautionary steps such as; Learn to recognize phishing attacks: make sure you are familiar with all types of phishing attacks look like. When you receive them, delete them immediately; Report phishing attacks—this will allow companies to step up security and ensure they’re keeping customer accounts safe; Get antivirus and anti-phishing software-- Most digital security companies have software that has anti-phishing components built-in; Use an antivirus program that would also remove any virus on the computer and that would help heal any damage done if any bad actors had installed malware on your devices.