More than 55% of phishing attempts in Thailand are finance-related, while the proportion of such attacks using fake e-shops in the country tops Southeast Asia, according to Russia-based cybersecurity firm Kaspersky.
"Phishing attempts are the most popular among scammers because they use social engineering to lure users," said Benjamas Chuthapiphat, territory manager for Thailand at Kaspersky.
From February to April, Thailand ranked third in Asean in terms of the proportion of finance-related phishing attempts at 55.6%, trailing the Philippines at 69% and Singapore at 55.7%.
Thailand was followed by Malaysia at 50.6%, Indonesia with 42.8% and Vietnam with 36.1%.
Globally, the proportion of finance-related phishing was 48.2% for the period.
From February to April, Thailand recorded 5.25% of phishing attempts that were bank-linked and 22.2% pertaining to payment systems, according to a study by Kaspersky.
Phishing includes the use of fake bank apps or bogus online payment platforms to draw data from users.
Attacks using fake e-shops saw the highest proportion at 28.2%, also the highest in Asean.
Phishing via e-shops entails using fake online shopping websites or applications to send malicious links to users via SMS to lure consumers to provide their personal information, said Ms Benjamas. Thailand has a high number of online shoppers.
In Asean overall, payment system-related phishing attempts were the main attacks with malicious mails targeting payment systems at 32.1%, followed by the use of fake e-shops at 10.8% and banks at 5.03%.
According to Kaspersky, payment systems, the use of fake e-shops and banks are all major targets for phishers. This indicates that they are most interested in personal data which provides access to money.
Puttipong Ponglaksamana, pre-sales manager for Thailand at Kaspersky, said the firm also noted the trend for hackers targeting super apps through their infrastructure or users.
Super apps are traditional banks and service providers' way of standing out in a crowded industry.
As they work with third parties and incorporate their services into a single mobile app, the attack surface expands, opening up more opportunities to exploit.
Citing Kaspersky's IT security economics report in 2019, Mr Puttipong said the financial impact from the average data breach reached US$1.41 million in 2019, up 15% from a year earlier, while organisations reported the growing complexity of attack scenarios.
Mr Puttipong said the use of Kaspersky's Managed Detection and Response solution can help organisations overcome budget strains in cybersecurity protection amid the shortage of cybersecurity staff while the system can catch up with new phishing tactics and ransomware.