Over 11 million phishing emails blocked in Southeast Asia

Phishing emails are a big problem for all organizations today. Despite numerous training exercises on employees, many still fall prey to phishing emails and end up compromising the organization they work for.

While some employees are now paying attention to the emails they receive, including the links in them, cybercriminals are also constantly coming up with new methods to deliver their spam and phishing messages to both individuals and businesses. In fact, cybercriminals today are armed with the knowledge of the latest trends and are taking advantage of the seismic shift in digital habits during the pandemic to launch social engineering attacks.

According to data by Kaspersky, a total of 11,260,643 phishing links were blocked by its Anti-Phishing system in Southeast Asia alone. Most of the phishing emails were blocked on devices of Kaspersky users in Vietnam, Indonesia and Malaysia.

For Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, the 11 million phishing attempts in a year in Southeast Asia is just the tip of the iceberg, especially with email being the main form of communication at workplaces. Yeo explained that with all the critical data being sent via email, it is expected for cybercriminals to see it as an effective and lucrative entry point.

“An unfortunate example is the $81M Bangladesh Bank Heist in 2016 which was made possible by a single, successful targeted phishing attack. Enterprises in the region should carefully look into holistic and in-depth cybersecurity technologies to beef up the security of their highly critical mail servers,” commented Yeo.

Globally, 253,365,212 phishing links were detected and foiled by Kaspersky solutions last year. In total, 8.20% of Kaspersky users in different countries and regions around the world have faced at least one phishing attack.

As employees make their way back to work in the office, remote work is probably the main trigger point for increasing phishing emails in the past two years, with business email compromise (BEC) attacks a rising trend. BEC attacks are a type of fraud that involves impersonating a representative from a trusted business. A BEC attack is defined as a targeted cybercriminal campaign that works by:

• Initiating an e-mail exchange with a company employee, or taking over an existing one;
• Gaining the employee’s trust;
• Encouraging actions that are detrimental to the interests of the company or its clients.

A report by Verizon also showed that BEC was the second most common type of social engineering attack in 2021, while the FBI reported that BEC attacks cost U.S. businesses more than Usr $2 billion from 2014 to 2019.

Kaspersky experts are increasingly observing BEC attacks. In Q4 2021, Kaspersky products prevented over 8000 BEC attacks, with the greatest number (5,037) occurring in October.

Throughout 2021, the company’s researchers closely analyzed the way fraudsters craft and spread fake emails. As the result, they found out that the attacks tend to fall into two categories: large-scale and highly targeted.

For large scale, BEC-as-a-Service attacks simplify the mechanics behind the attack in order to reach as many victims as possible. Attackers sent streamlined messages en masse from free mail accounts, with the hope of snaring as many victims as possible. Such messages often lack high levels of sophistication, but they are efficient.

While some cyber criminals are relying on simplified mass mail outs, others are turning towards more advanced, targeted BEC attacks. The process works as follows: attackers first attack an intermediary mailbox, gaining access to that account’s e-mail. Then, once they find a suitable correspondence in the compromised mailbox of the intermediary company (say, financial matters or technical issues related to work), they continue the correspondence with the targeted company, impersonating the intermediary company. Often the goal is to persuade the victim to transfer money or install malware.

“Right now, we observe that BEC attacks become one of the most spread social engineering techniques. The reason for that is pretty simple – scammers use such schemes because they work. While fewer people tend to fall for simple mass-scale fake emails now, fraudsters started to carefully harvest data about their victims and then use it to build trust. Some of these attacks are possible because cybercriminals can easily find names and job positions of employees as well as lists of contacts in open access. That is why we encourage users to be careful at work,” explained Roman Dedenok, security expert at Kaspersky.

To deal with phishing emails, enterprises can take a range of effective measures. Training and raising awareness on phishing emails remains the most popular method practiced by most organizations.

Apart from that, enterprises can use security tools to protect corporate communication channels with a solid set of anti-phishing, anti-spam, malware detection technologies. While BEC represents one of the most sophisticated types of email compromise, there are solutions that have dedicated heuristic model for processing indirect indicators and detect even the most convincing fake emails.

 

---

---

---

---