Malaysia remains top three in terms of phishing attacks in Southeast Asia 

• Loss of US$5.9 mil recorded as of February 2023
• Delivery services recorded highest % of clicks on phishing links 

Data from Kaspersky shows that email phishing attacks in Malaysia remain at an alarming rate. The firm said that in 2022, its Kaspersky Anti-Phishing System blocked 8,267,013 attacks.

According to Cybersecurity Malaysia, 4,741 cyber threats were reported in Malaysia last year. It had recorded 456 fraud cases as of February 2023. To raise the red flag further, a total loss of US$5.9 million (RM27 million) was already recorded by The National Scam Response Centre as of February 2023.

Adrian Hia (pix), managing director for the Asia Pacific at Kaspersky, said Malaysia remains in the top three amongst its Southeast Asian peers in terms of malicious emails blocked by Kaspersky.

“It’s important to note that the increased phishing trend is observed not just in Malaysia but globally. This tactic remains a go-to infection technique for cybercriminals because phishing, as a social engineering method, is really effective and easy to conduct.”

“As bad actors continue to be creative to hack our human minds through topics we care about, we need to continuously raise our awareness and really act on protecting our devices against cyber threats,” Hia said.

Globally, the number of phishing attacks increased markedly last year. Kaspersky’s Anti-Phishing system prevented 507,851,735 attempts to follow a phishing link.

The company said in 2022, pages impersonating delivery services had the highest percentage of clicks on phishing links blocked by its solutions (27.38%). Online stores (15.56%), which were popular with attackers during the pandemic, occupied second place. Payment systems (10.39%) and banks (10.39%) ranked third and fourth, respectively.

The rating of organizations targeted by phishers is based on the triggering of the deterministic component in the Anti-Phishing system on user computers.

The component detects all pages with phishing content that the user has tried to open by following a link in an email message or on the web, as long as links to these pages are present in the Kaspersky database.

“Recently, we’ve seen an increase in targeted phishing attacks where scammers don’t immediately move on to the phishing attack itself, but only after several introductory emails where there is active correspondence with the victim. Our experts predict that this trend is likely to continue,” Hia said.

“New tricks are also likely to emerge in the corporate sector in 2023, with attacks generating significant profits for attackers,” he warned.

To ensure that you don't become a phishing attack victim, here are some precautionary steps you should always take to avoid phishing.

• Learn to recognize phishing attacks: make sure you are familiar with what all types of phishing attacks look like. When you receive them, delete them immediately.
• Report phishing attacks: Once you have avoided a phishing attack, report the attack. This will allow companies to step up security and ensure they're keeping customer accounts safe.
• Get antivirus and anti-phishing software: Most digital security companies have software that has anti-phishing components built-in. Many will allow you to filter out phishing messages as spam, so you don't even see them. Make sure you are using an antivirus program that would also remove any virus on your computer and that would help heal any damage done if any bad actors had installed malware on your devices.