Kaspersky's latest statistics for Southeast Asia reveal that 43,445,502 phishing attempts were successfully blocked by Kaspersky Solutions in 2022. Of these, 1,556,232 were phishing attempts in Singapore.
The number represents the malicious mailings blocked by the Kaspersky Anti-Phishing system for individual and enterprise users.
Email phishing attacks in Singapore remain to be a significant concern; out of the total number of phishing emails thwarted in 2022, 55% (852,823) were targeted at businesses as scammers looked to trick employees with fraudulent emails typically linked to corporate issues and delivery problem notifications.
At the end of last year, the Singapore Police Force issued an advisory on the re-emergence of phishing scams involving emails purportedly sent from Singapore Post (SingPost) and Singtel with a fraudulent URL link embedded.
Between January and November 2022, at least 85 victims had fallen prey to such email phishing scams.
In May 2023, scam emails impersonating the Inland Revenue Authority of Singapore (IRAS) were also reported. The emails claimed that victims were under investigation for incorrect tax filing, and those who clicked on the fraudulent link within the emails were led to a spoofed IRAS website that would phish personal details, such as password and account number, to be used for identity fraud.
Adrian Hia, Managing Director for Asia Pacific at Kaspersky, says: "Most cyberattacks begin with a phishing email to an unsuspecting victim, and anyone who uses email can be a target for phishing scammers."
"These attacks have grown more sophisticated over time, with threat actors finding ways to tailor their scams and give very convincing messages than can easily trip people up."
Globally, the number of phishing attacks prevented by Kaspersky's Anti-Phishing system totalled 507.8 million.
In 2022, pages impersonating delivery services had the highest clicks on phishing links blocked by Kaspersky's solutions (27.38%). Online stores (15.56%), popular with attackers during the pandemic, occupied second place. Payment systems (10.39%) and banks (10.39%) ranked third and fourth.
Hia adds: "Recently, we've seen an increase in targeted phishing attacks where scammers don't immediately move on to the phishing attack itself, but only after several introductory emails where there is active correspondence with the victim."
"Our experts predict that this trend is likely to continue. New tricks are also likely to emerge in the corporate sector in 2023, with attacks generating significant profits for attackers."
Kaspersky has provided precautionary steps businesses, and individuals should always take to avoid phishing.
- Learn to recognize phishing attacks: become familiar with what all types look like. Upon receiving them, delete them immediately.
- Report phishing attacks: Once a phishing attack is avoided, report the attack. This will allow companies to step up security and keep customer accounts safe.
- Get antivirus and anti-phishing software: Most digital security companies have software that has anti-phishing components built-in. Many allow phishing messages to be filtered out as spam. Make sure to use an antivirus program that would also remove any virus on a computer and help heal any damage done if any bad actors had installed malware on devices.