Indonesia Has the 2nd Highest Phishing-Infected Users
Phishing is increasingly prevalent in Southeast Asia. This is revealed by the latest statistical report released by Kaspersky, a global cybersecurity company. According to the report, the total number of phishing attempts on internet users in the Southeast Asia region reached 14 million times in the first six months of 2019.
Of the 14 million times, 11 million attempts were targeted at three countries which are Vietnam, Malaysia, and Indonesia. The aforementioned “phishing attempt” refers to the frequency of perpetrators’ attempt at persuading Kaspersky’s users to visit fraudulent website in order to steal their data.
The country with the highest number of phishing-infected users is Malaysia, with a percentage of 15.829% users. The number underwent a 4.5% increase from 2018. On the other hand, with 14.316% phishing-infected users, Indonesia occupies the second position. This figure indicates around 3.6% increase compared to 2018. The third is Thailand, with 11.972 % phishing-infected users (1% increase from the previous year). Phishing-infected users refer to the proportion of Kaspersky’s users who are targeted by phishing within a given timeframe.
Phishing exploits users’ emotional side and relationships to steal credentials such as personal data, credit card, and company data for the benefit of the perpetrators. Instead of hacking IT systems, the perpetrators use subtle ways by deceiving individuals. A perpetrator typically sends an email to an individual, pretending to be a bank and directing the individual to a website that turns out to contain malware. With this malware, the perpetrator can steal the individual’s data.
As quoted from Iaasiaonline, Yeo Siang Tong, Kaspersky’s General Manager for Southeast Asia, said that these statistics indicated that the old but effective method was real in Southeast Asia, and there were no signs that this phenomenon would fade away in the near future. Southeast Asia has a large population of young people with mobile devices. Giving education about the risks of cyberattacks such as phishing is essential as a part of mitigation efforts.
The report should also be a warning for corporates to be more vigilant in fighting against cybercrime. When it comes to a corporate, phishing is not just responsibility of the IT department, but the entire corporate’s stakeholders. If an employee becomes a victim of phishing, then the company’s data is also at risk of being stolen. One of the mitigation efforts that corporates can do is educating their employees about phishing, in addition to strengthening their cybersecurity defense.