Financial phishing remains a growing threat to businesses and organisations in Southeast Asia, with a marked increase in the number of attacks observed in the first half of 2024. According to data from Kaspersky, anti-phishing technologies detected 336,294 phishing attempts targeting companies across the region between January and June. These attacks, predominantly aimed at stealing sensitive data, including login credentials, financial details, and corporate information, were disguised as legitimate communications from trusted financial entities such as banks, e-commerce platforms, and payment systems.
The rise in financial phishing has been attributed to several factors, primarily the region’s increasing digital adoption and the growing sophistication of cybercriminals. The number of phishing incidents during this period marked a significant 41 percent increase compared to the same timeframe in 2023. Cybercriminals have become more adept at using advanced tactics, such as artificial intelligence and automation, to craft highly convincing fraudulent content that makes it harder for victims to distinguish between legitimate communications and scams.
Financial phishing is a subset of phishing attacks that target individuals and businesses within the financial sector. These attacks often employ social engineering techniques, tricking victims into revealing personal or financial information by posing as banks, payment systems, or other trusted financial institutions. In some cases, attackers also impersonate charitable organisations to manipulate victims into making false donations.
In Southeast Asia, Thailand recorded the highest number of financial phishing incidents in the first half of 2024, with 141,258 attacks, a staggering 582 percent increase from the previous year. Indonesia followed with 48,439 phishing attempts, while Vietnam and Malaysia reported 40,102 and 38,056 attacks, respectively. Singapore and the Philippines experienced fewer attacks, with 28,591 and 26,080 incidents, respectively. Despite these lower numbers, Singapore also saw a sharp rise in phishing activities, with a 406 percent increase compared to the previous year.
The escalation of financial phishing in Southeast Asia is largely driven by the rapid shift towards online banking and digital financial services, which has broadened the pool of potential victims. As more individuals and businesses conduct financial transactions online, the opportunities for cybercriminals to exploit vulnerabilities and access sensitive data have multiplied. The heightened use of remote working and digital payment methods has made companies and their employees even more vulnerable to these attacks.
Experts from Kaspersky have warned that financial phishing will likely continue to evolve in sophistication and volume. They predict that banking, insurance, and e-commerce sectors will remain prime targets for cybercriminals, as these industries handle large volumes of sensitive financial data. Traditional phishing techniques, such as fraudulent emails and fake websites, will continue to be used, but cybercriminals are also increasingly leveraging social media and messaging platforms to distribute malicious links and fake apps.
One of the biggest threats in this new wave of phishing attacks is the use of deepfake technology. With the rise of fake videos and voice messages, scammers are able to impersonate trusted individuals, such as executives or employees, with remarkable realism. These fake communications are harder to detect and can be particularly dangerous in organisations where trust in internal communications is high. As a result, businesses are being urged to bolster their cybersecurity efforts and adopt more comprehensive and proactive security measures.
To safeguard against phishing and other cyber threats, experts recommend several practical steps for businesses. Keeping software updated on all devices is crucial to closing potential security gaps that could be exploited by attackers. Regular data backups should also be performed to ensure that vital information can be restored in case of an attack. It is also essential for businesses to maintain strong security practices, such as using two-factor authentication for remote access and monitoring network activity for any signs of unusual behaviour.
Organisations are encouraged to set up Security Operations Centres (SOCs) that use advanced tools to monitor and respond to cyber threats. The implementation of Security Information and Event Management (SIEM) systems, such as Kaspersky’s Unified Monitoring and Analysis Platform, can provide real-time visibility into security incidents and help companies detect and mitigate attacks more effectively. For smaller businesses or those without dedicated IT security teams, managed services like Kaspersky’s Managed Detection and Response (MDR) offer additional expertise to strengthen their cybersecurity posture.
Training employees and raising awareness about cybersecurity risks is another critical aspect of protecting organisations from phishing attacks. Kaspersky advises companies to educate their workforce on how to identify phishing attempts and avoid falling victim to scams. This includes using security awareness platforms to provide training and simulations that help employees recognise and respond to phishing attempts. Executives and senior leadership are also encouraged to undergo specialised training, as their positions make them attractive targets for sophisticated phishing campaigns.