Phishing is on the rise with more than 1.6 million attempts to transfer users to phishing pages via links within emails blocked from January to June, showing small and medium businesses need cybersecurity improvements in the context of continued remote working.
The second quarter of every year often saw phishers relaxing given that the months of April to June are usually vacation period across the globe. However, triggered by the still ongoing pandemic, this year’s second quarter proved to be productive for malicious actors online.
According to Kaspersky’s latest statistics, cybercriminals targeting small and medium businesses (SMBs) in Southeast Asia (SEA) spent their months seeding phishing emails proactively. The global cybersecurity company’s anti-phishing software applications prevented 1,602,523 phishing attempts against companies with 50-250 employees, a 39% increase compared with the same period last year.
Data showed that, in the first half of this year, Kaspersky has foiled the most phishing attempts in the region against SMBs in Indonesia, Malaysia, and Vietnam. Singapore tolled the fewest phishing emails in the region, but still witnessed an increase of 60.5% compared with the same period last year.
On a worldwide scale, Brazil was the country to have the most phishing emails prevented by Kaspersky in the second quarter of 2020, next to Russia, France, Columbia and the United States of America.
“According to our telemetry, phishing attempts remained a rising threat to SMBs in the region from the first quarter until the second quarter of the year. This can be triggered by the fact that most of the lockdown measures across Southeast Asia were implemented by the end of March, which then welcomed the second quarter with millions of first-time remote workers,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Globally, top phishing topics include campaigns using the coronavirus as bait, such as mask selling scams, donation requests for coronavirus vaccine research funding, scams exploiting coronavirus fears, pandemic-related bonuses and “compensations”. Other themes being exploited are employee performance appraisals, important messages from HR or admin, urgent password check requests, urgent press release notices, email back-up notices, among others.
“Cybercriminals are making use of the current chaos to commit social engineering attacks such as phishing emails. By including hot topics and phrases related to the COVID-19 pandemic in their messages, the chances of an unsuspected user clicking infected links or malicious attachments increase tremendously. Threats are also harder to track over personal home networks. Add in the reality that we are all strained mentally which makes as more vulnerable to committing mistakes, it is essential for SMBs to acknowledge that working from home increases cybersecurity risks and take the necessary steps to protect the data and the cash flow that they still have,” Yeo adds.
To help SMBs train their employees, Kaspersky is offering a three-month free Automated Security Awareness Training which aims to help small and medium enterprises kick-start their company’s cybersecurity culture. This program is available until end of September 2020 and works with up to 500 users. Interested business owners can find out more about this by visiting this link: www.k-asap.com