KUALA LUMPUR, June 20 — The payment system remains most targeted by financial phishing attempts in Malaysia with March 2022 recording the highest detections of the threat at 41.09 per cent, Kaspersky said.
The global cybersecurity company said February 2022 witnessed the cybercriminals eyeing to victimise users through banking, payment system and online shopping at 52.43 per cent, just 1.57 per cent lower than the overall South-east Asia region in terms of finance-related phishing attempts.
“The percentages are from anonymised data based on the triggering of the deterministic component in the Kaspersky’s Anti-Phishing system on user computers,” it said in a statement today.
It said the component detected all pages with phishing content that the user has tried to open by following a link in an e-mail message or on the web as long as links to these pages are present in the Kaspersky database.
It said banking and payment system phishing attempts might have been lower since April 1, 2022.
“This was the announced start of Malaysia’s border reopening to international travellers as well as for Malaysians to travel abroad without the need to quarantine,” it said.
However, it said online shopping phishing attempts went up in April to 8.67 per cent with the possibility of many looking into online deals that might have promised lucky draws.
It said phishing has remained to be the most effective trick on cybercriminals’ sleeves as is a known way to crack into a user’s or even a company’s network by playing on a user’s emotions.
“A possible scenario is given that one app has all the financial details of a user, a simple phishing link asking for the user’s credentials can compromise all the data available in the app.
“This magnifies the possible damaging effects of this threat,” it said.
South-east Asia general manager Yeo Siang Tiong said Kaspersky also saw the rise of “Super Apps” in South-east Asia alongside the increased adoption of digital transactions in the region.
“These are the mobile applications that combine all popular monetary functions including e-banking, mobile wallets, online shopping, insurance, travel bookings and even investments.
“Putting our data and digital money in one basket can trigger an aftermath snowball with the impact of a phishing attack swelling at an unforeseeable rate,” he said.
He said cybercriminals are known to follow the money trail, therefore, it is important for banks, app developers and service providers to integrate cybersecurity from the beginning of application development.
“We expect hackers to target the rising “Super Apps”, both its infrastructure and its users through social engineering attacks.
“We urge all fintech companies to deploy a secure-by-design approach in their systems and to continuously provide proactive education for their users in this period where phishing attacks continue to thrive,” he added. — Bernama