Phishing scams dominate the Philippines cybercrime landscape

• Cybercrime in the Philippines is on a rapid rise, with phishing campaigns alone up 200% since the country went into lockdown in March

In today’s highly-digitalized society, wanton cybercrimes have proven to be difficult to eradicate, and the cyberattack threat matrix just got riskier when recent quarantine and lockdown restrictions forced everyone indoors. Not only did emboldened bad actors crawl out of the woodwork with even more potent malware and phishing scams, but the targeting of institutions and work-from-home staff is at an all-time high.

In the Philippines, the pandemic has brought out the worst in some opportunists, and in the virtual realm, it appears phishing attacks are the cyber weapon of choice. The Philippines has been trying to enforce legislation on engineered phishing scams for years now, but with so many Filipinos online all the time during the pandemic, the National Bureau of Investigation’s Cybercrime Division recorded a 200% increase since the lockdowns started back in March.

Phishing is being listed by Philippine authorities as the top cybercrime being committed in the country during the COVID-19 pandemic, followed by online selling scams and the spread of fake news. But phishing schemes– where scammers hijack the identity of a trusted person or institution in order to gain access to personal or sensitive data– is the undisputed number one cybercrime in the archipelago.

Phishing scams attempt to take advantage of a perceived lack of digital literacy in the country, sending emails, calls, or text messages from (often near-identical to the source they are imitating) false or stolen identities, in order to convince the victim to click on fraudulent links, or otherwise divulge personal information somehow including data such as passwords, bank account information, and other confidential data.

Remote working employees and businesses are often targeted, with increasingly personalized virtual lures. And large corporations and financial institutions are not exempt due to their heightened cybersecurity measures, if anything they are more at risk as bad actors will often imitate the bank or financial service to gain access to your financial information.

Such was the case at US financial services giant Wells Fargo, where around 15,000 customers were targeted in a clever phishing campaign where unwitting victims would be duped into adding a calendar invite that would lead to the phishing page.

Cybercrime in the Philippines

A worrying trend that cybersecurity observers in the Philippines have noticed is that some of the larger organizations and individuals might not be reporting incidents of their personal data being breached, owing to stigma in the country that could view a loss of such critical data as an indicator of disrepute. Some victims might choose to keep mum on a phishing attack, electing to protect their reputations instead.

Hence the phishing and cybercrime rates might be even higher than previously reported, and Filipino cybersecurity practitioners state that many businesses are not aware of the full extent of the threats against them, including some companies who place the fault on the users who clicked on suspicious items, and did not carry out any further investigation.

The co-founder of the National Computer Emergency Response Team (NCERT) Division under the Cybersecurity Bureau, Milo Pacamara, warns Philippine digital citizens to constantly be vigilant especially when required to hand out sensitive data, including from what looks like a trustworthy source that has been used many times.

Pacamara says sometimes, even opening a document or activating a cloud-based application could trigger an unwanted data download or transfer. “Some files and links are designed with embedded scripts to run silently upon click and execution to run malicious command in the background and could scrape your phone or computer with vital data,” revealed Pacamara.

With cybercrime on the upswing everywhere, it is up to the individuals and vulnerable target organizations to ensure that their cybersecurity is up-to-date, staying appraised of the latest in cyber scams and emerging threats, building up their resiliency to withstand the post-pandemic cyberthreat climate.

---

---

---

---