Thai businesses most targeted in ASEAN for financial phishing

Thai businesses are facing a surge in financial phishing attacks, and cybercriminals are exploiting the region's burgeoning digital economy, according to a report by global cybersecurity firm Kaspersky. 

The company revealed that Thai enterprises were the most targeted in Southeast Asia, experiencing over 240,000 attempted attacks in the past year.

Kaspersky's data shows that its business security solutions blocked a staggering 534,759 attempts to open financial phishing links across Southeast Asia in 2024. 

These attacks targeted businesses of all sizes, with criminals using deceptive links distributed via email, fake websites, messaging apps, and social media platforms.

"Financial phishing" specifically targets banks, payment systems, and online retailers, employing fake websites designed to mimic legitimate platforms and trick users into divulging sensitive financial information.

Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, expressed alarm at the volume of attacks. 

"The sheer number of financial phishing attempts detected on business devices in Southeast Asia is deeply concerning," he said. "With the region's digital economy expected to reach US$1 trillion by 2030, it has become a prime target for cybercriminals. Businesses must remain vigilant."
 

Thailand recorded the highest number of attempted attacks (247,560), followed by Indonesia (85,908) and Malaysia (64,779). Vietnam saw 59,560 attempts, while Singapore and the Philippines recorded just over 38,000 each.

Yeo highlighted the role of artificial intelligence in escalating the threat. 

Yeo Siang Tiong

"AI has enabled the creation of increasingly convincing fake websites, making it easier for users to fall victim," he explained. "Coupled with the region's diverse regulatory landscape and varying levels of cybersecurity readiness, Southeast Asia presents a significant target for financially motivated attacks. Businesses require robust tools and real-time threat intelligence to stay ahead."
 

Kaspersky experts have issued the following recommendations to mitigate the risk of phishing attacks:

For individuals:

• Only open emails and click links from trusted senders.
• Verify suspicious messages with the sender via alternative communication channels.
• Carefully check website URLs for spelling errors.
• Use reputable security software with up-to-date threat intelligence.

For businesses:

• Conduct regular cybersecurity awareness training for employees.
• Implement robust email gateway protection to filter out malicious content.
• Instal comprehensive security solutions with anti-phishing technology on all business devices.

"Regular staff training is crucial," Yeo emphasised. "Employees must be able to recognise social engineering tactics and identify fraudulent communications. For instance, fake emails from reputable companies like Booking.com often originate from free email addresses, a clear red flag."