There may be many fish in the sea, but there are even more in the digital ocean. That is, perhaps, why phishing is the favorite pastime of so many cybercriminals. The problem in this scenario is that they’re phishing for your data.
What is Phishing?
Phishing is a type of cyberattack where criminals try to steal your data. They send you an email pretending to be a legitimate service or entity. From there, you’re diverted to an external website and asked to provide certain information, such as your username and password.
The problem is that the website you’ve been diverted to isn’t legitimate. It will be a site that looks legitimate but belongs to cybercriminals. They can see any information you enter on this site and use it to access your account.
Example of a Phishing Attack
You receive an email from Maybank telling you your account has been compromised. You’re asked to click a link and log into your Maybank account to reset your password. You duly follow the instructions.
Once you’re done, the criminal will have your username, old password, and the “new” password.
Phishing emails today are getting incredibly sophisticated. They so closely mimic legitimate businesses that often, even experienced users can’t tell them apart. To better protect clients from dangerous emails, we are moving towards AI-assisted detection and blockage.
Bernard Tan
CallNet Senior Systems Engineer
Notable Phishing Statistics and Incidents in Malaysia
Across 2022, Southeast Asia experienced over 43 million phishing attacks. Of those, 8.2 million targeted Malaysians. While we love being at the top, ranking as the number two country targeted by phishing attacks isn’t something to celebrate.
Other phishing incidents in Malaysia include:
- In 2023, Cybersecurity Malaysia warned of a phishing site link being spread via Telegram. The site mimicked MyKasih Sumbangan Asas Rahmah (SARA).
- Hacker group Dark Pink tried to steal confidential military data. They used phishing attacks to target the emails of several Malaysian defense agencies.
- The Royal Malaysian Police arrested eight individuals in 2022 for providing Phishing-as-a-Service. The group had been active for years and even sold stolen credentials.
How to Protect Yourself From Phishing Attacks
The problem with phishing emails is that they aren’t always detectable by spam filters. It’s getting worse than before as cybercriminals up their game and create professional-looking phishing email templates.
Because of this, you must stay alert in your inbox. Here’s what you need to know:
- Always Be Skeptical: Treat all emails with caution. Cybercriminals don’t just use fake email domains. They may even hijack legitimate email accounts and use them.
- Check the Sender’s Email Address: Phishing emails often come from addresses that look similar to legitimate ones but have tiny differences.
- Don’t Click on Links: If the email asks you to do something on a website, type the URL into your address bar. Never click on a link that comes with the email.
- Use Reputable Security Software: As cybercriminals up their game, so do large internet security companies. Many are moving to AI to help detect and block dangerous emails.
- Enable MFA: Whenever possible, secure your accounts with multifactor authentication. This makes it harder for cybercriminals to access your account with just the login credentials.
- Verify Contact Information: If an email asks you to call a number, check the number from their official website and see if it matches.
- Regularly Check Your Accounts: While this may not always be possible for every account, at least review your bank and other critical services.
phishing Protections for Small business & enterprises
The conclusion of a successful phishing expedition can be extremely painful for victims. Once they provide cybercriminals with the necessary data, they likely won’t know something is wrong until it’s too late.
To enhance your defense against phishing attacks, it’s crucial to consider solutions from renowned cybersecurity brands. Prominent brands like Cisco specialize in preventing phishing by using advanced detection techniques and offering robust security measures that can be integrated into your existing cybersecurity framework.
Be proactive, and you can run your business with peace of mind. Don’t wait until it’s too late. For more detailed strategies and tools against phishing attacks, talk to our cybersecurity expert at Callnet Solution.