Phishing is one of the most effective techniques for online attackers to obtain sensitive information, and perpetrators are increasingly refining their techniques, according to the global cybersecurity firm Kaspersky.
A conventional phishing attempt involves sending an email or other message purporting to be from a reputable source in order to induce someone to reveal personal information, such as passwords and credit card numbers.
In the past, these usually were one-time occurrences. But some actors are taking their scams to new levels, says Adrian Hia, managing director for Asia-Pacific at Kaspersky.
"Recently, we've seen an increase in targeted phishing attacks where scammers don't immediately move on to the phishing attack itself, but only after several introductory emails where there is active correspondence with the victim," he said.
"Our experts predict that this trend is likely to continue. New tricks are also likely to emerge in the corporate sector in 2023, with attacks generating significant profits for attackers."
In a recent report on global phishing exploits in 2022, Kaspersky said its anti-phishing system software blocked 6.3 million email phishing attempts targeted against users in Thailand in 2022. The figure for all of Southeast Asia was 43.4 million.
Globally, the company said its system prevented 507.8 million attempts to follow a phishing link.
Pages impersonating delivery services had the highest percentage of clicks on phishing links (27.4%), according to Kaspersky. Online stores (15.6%), which were popular with attackers during the pandemic, occupied second place. Payment systems and banks each accounted for 10.4% of the total.
"We encourage victims to report incidents to local authorities, such as the Royal Thai Police, so that the cases can be properly investigated and the public can be warned and encouraged to adopt protective measures, like installing a robust cybersecurity solution on their device," said Mr Hia.
From March 1 to June 30 this year, the Royal Thai Police reported 23,616 cybercrime-related complaints were submitted on its website, representing an estimated 11.5 billion baht in damages.
The Royal Thai Police provides the website thaipoliceonline.com for individuals who want to report cyber and technology crimes in particular, with the goal of providing victims with more convenience and a faster procedure, as well as the option to follow the progress of a case in real time. Victims can also get help and guidance through the emergency number 1441.
To make sure that you don't become a phishing attack victim, here are some precautionary steps you should always take to avoid phishing.
- Learn to recognise phishing attacks: make yourself familiar with what all types of phishing attacks look like. When you receive them, delete them immediately.
- Report phishing attacks: Once you have avoided a phishing attack, report the attack. This will allow companies to step up security and ensure they're keeping customer accounts safe.
- Get antivirus and anti-phishing software: Most digital security companies have software that has anti-phishing components built-in. Many will allow you to filter out phishing messages as spam, so you don't even see them.
- Make sure you are using an antivirus program that would also remove any virus on your computer and that would help heal any damage done if any bad actors had installed malware on your devices.