Phishing attacks in e-commerce, banks double in 2nd quarter

PHISHING detections in local e-commerce and banking sectors doubled in the second quarter of 2022 in the Philippines, compared to the first three months of the year, according to the new data released by cybersecurity and digital privacy company Kaspersky.

Phishing is a type of internet fraud that seeks to acquire a user’s credentials by deception. It includes stealing passwords, credit card numbers, bank account details, and other confidential information. Phishing messages usually take the form of fake notifications from providers, e-payment systems, banks, and other organizations.

Kaspersky said it recorded 77,092 phishing incidents in the second quarter among its e-shop customers in the country from only 15,119 in the first quarter. This reveals a 409 percent surge in phishing attempts from April to June this year as consumers switched heavily to online shopping triggered by the pandemic.

Currently, top local e-commerce platforms enjoy brisk sales in beauty, electronics, fashion, furniture, health and household care products.

Kaspersky said the data collected were from its Anti-Phishing system on user computers. The system detects all pages with phishing content that a user has tried to open by following a link in an e-mail message or on the web, as long as links to these pages are present in the Kaspersky database.

The rise in the percentage of phishing detections in its e-commerce industry puts the Philippines in third place among its Southeast Asian neighbors next to Malaysia (572.48 percent) and Indonesia (443.33 percent).

Phishing in banks

Meanwhile, among its local bank customers, Kaspersky shared that 8,454 phishing incidents were recorded in the second quarter up from 4,746 detections in the first quarter, or a 78 percent increase within the first half of the year. The rise in global detections for the same period is only 28 percent.

From the same report, phishing attacks against Philippine-based payment systems went down by 19 percent. There were 132,125 detected phishing attempts in the first quarter among Kaspersky users in the payment system sector. Three months later, it went down to 105,986 incidents.

The decline in local numbers is relatively similar to the global trend at 31.58 percent.

In the payment system sector, all countries in the Southeast Asian region showed a decrease in phishing attacks in varying degrees with the Philippines in the third spot trailing behind Thailand (-32.54 percent) and Malaysia (-20.66 percent).

“The first half of the year witnessed the reopening of borders in Southeast Asia, but the pandemic habits seem to remain consistent. Despite our regained physical freedom, we know that we still prefer to do our banking, shopping and financial activities online because of its unparalleled convenience,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, in a statement.

While regulators and industry players in the region are all backing a digital-forward Southeast Asia with some countries poised to link their QR code payment systems before the year ends to remove currency exchange hassles, Yeo reminded both the private and public sectors of the risks involved and the multiple layers of protection that the countries should invest in.

“It is a welcome development with possible great economic gains, for us and the cyber criminals. With most users here aware of the threats targeting our online money, it is time to act now and secure your mobile devices to enjoy the perks of a more connected, regional financial environment,” he said.

More than installing reliable security solutions with anti-phishing and secure payment capabilities, Kaspersky said the best defense against phishing is being informed and discerning of the emails and other messages users receive.

“There is no harm in being too cautious, especially since most of the financial transactions are now done online in pursuit of digitalization,” the company said.