In the Philippines, the pandemic has brought out the worst in some opportunists, and phishing attacks appear to be the cyber weapon of choice. For years, the Philippines has attempted to enforce legislation against engineered phishing scams, but with so many Filipinos online at all times during the pandemic, the National Bureau of Investigation’s Cybercrime Division recorded a 200% increase since the lockdowns began in March of last year.
Phishing is the top cybercrime committed in the Philippines during the COVID-19 pandemic, according to Philippine authorities, followed by online selling scams and the spread of fake news. However, phishing schemes, in which scammers assume the identity of a trusted person or institution to gain access to personal or sensitive data, are the archipelago’s undisputed number one cybercrime.
Phishing scams attempt to take advantage of a perceived lack of digital literacy in the country. Scammers send emails, calls, or text messages from false or stolen identities, often nearly identical to the source they are imitating, to convince the victim to click on fraudulent links or otherwise divulge personal information such as passwords, bank account information, and other confidential data. The data often collected from users are their login credentials, credit card numbers and online banking passwords.
According to a new report from a security awareness training company, phishing emails about password checks are still popular. The findings of its top-clicked phishing report show a significant increase in phishing email attacks related to HR topics, particularly new policies that would affect all employees across organisations. One subject area that has dropped off dramatically is messages related to Covid-19, the report said, adding that end-users have become savvier about scams related to that topic.
Moreover, social media messages are another area of concern when it comes to phishing, and LinkedIn phishing messages dominate as the top social media email subject to watch out for, holding the number one spot at 41% according to the survey.
“With more employees returning to the office, they are concerned about new policies that affect their everyday situations at work, which is why we are seeing a rise in these types of phishing attacks,” said the CEO of the security awareness training company. For the report, the company examined tens of thousands of email subject lines from simulated phishing tests. The company also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious.
As cybercrime is on the rise everywhere, it is up to individuals and vulnerable target organisations to ensure that their cybersecurity is up to date, stay informed of the latest cyber scams and emerging threats, and strengthen their resilience to withstand the post-pandemic cyberthreat climate.
These are a few steps a company or an organisation can take to protect itself against phishing:
- Educate employees and conduct training sessions with mock phishing scenarios.
- Deploy a spam filter that detects viruses, blank senders, etc.
- Keep all systems current with the latest security patches and updates.
- Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment.
- Develop a security policy that includes but isn’t limited to password expiration and complexity.
- Encrypt all sensitive company information.
- Convert HTML email into text-only email messages or disable HTML email messages.
- Require encryption for employees that are telecommuting.
Organisations must also keep a pulse on current phishing strategies and ensure that their security policies and solutions can eliminate threats as they evolve. A business can drastically reduce its risk and exposure to these attacks by providing regular security awareness training to its employees.