Numbers have been declining but damage from threats keeps rising, according to Kaspersky

People in Thailand received 10.3 million different web threats last year, or an average of 28,130 per day, based on threats detected and blocked by Kaspersky cybersecurity products.

The figure is 20.5% fewer than the previous year when 12.9 million threats were detected. Overall, 24.4% of Thai users were targeted by web threats in 2024.

The figures for Thailand have been on the decline since 2022, when 17.3 million web threats were recorded by Kaspersky Security Network.

Web threats are attacks via web browsers, which are the primary method for spreading malicious programs. Social engineering and exploiting vulnerabilities in browsers and plugins (drive-by download) are the most common ways used by cybercriminals to penetrate systems.

According to the National Cyber Security Agency (NCSA), Thailand has experienced a severe spread of online fraud in the past three years. The fraud pattern has not changed much, but the losses have increased continuously. Between 2022 and 2024, Thai people lost 79.5 billion baht from online fraud, or an average of 77 million baht per day.

Among 773,118 complaints filed through the Online Complaint Centre, common scams are based on the knowledge that people want to earn extra income in an uncertain economy. The most common scam is the sale of products at unbelievably low prices. Another is online work scams such as watching video clips, or asking for fees from victims and claiming they will get a high price in return.

The decline in detection numbers in Thailand reflects the fact that the volume of several types of threats has decreased globally in the past couple of years, among other factors.

"The numbers of cyberthreats are fluctuating, not uniformly declining," says Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. "Perceived decreases can stem from several factors, including improved detection and prevention technologies masking the actual threat volume, a shift in attacker tactics towards more sophisticated attacks, a focus on specific high-value targets and reducing the overall number of less impactful incidents reported publicly.

"As well, an increased investment in cybersecurity awareness training has led to fewer successful phishing campaigns. These explanations suggest a complex picture, rather than a simple overall reduction in malicious cyber activity.

"Cybercriminals target everyone, regardless of age or gender. Moreover, they prioritise 'quality over quantity'. We have predicted and observed the transition from massive attacks to fewer but more targeted and sophisticated infiltrations, resulting in a number of high-profile incidents in many Southeast Asian countries, including Thailand.

"We urge everyone to keep their guard up. Our experts offer best protection for Thais against these threats and save users from losses, ensuring that their daily online experience is completely safe."

To avoid encountering cyberthreats, follow these five easy steps that significantly improve your online safety:

Automate your passwords: Make all your passwords for both websites and apps long enough (at least 12 characters) and unique (that is, never use them more than once). No one can think up and memorise so many passwords, so use a password manager to create, store and enter them. You'll only need to come up with and memorise just one (long!) main password for it; everything else -- from generating to entering passwords -- will be done automatically.

Enable double checking: Double checking, or two-factor authentication, protects you from password-stealing hackers who break into your accounts using leaked credentials. Besides the password, they'll need to enter a one-time code sent to you via a text or an authenticator app. Although banks enable two-factor authentication (2FA) automatically, in many other online services it remains optional. Wherever your data is even a tiny bit confidential (social networks, messengers, government services, email), we recommend enabling 2FA in the settings, if available.

Double-check links and attachments: Never follow links or open files sent via messenger or email if you don't recognise the sender or aren't expecting any messages. If a friend, colleague or acquaintance writes you a message, but it looks even a little strange, call them, or reply via another communication channel to make sure it really is them and not a scammer.

Enable automatic updates: This is to prevent cybercriminals from infecting you by exploiting bugs in your operating system, browser, office applications or other software. They can all update themselves -- you just need to not postpone this action when prompted to restart the program or computer.

Think twice before sharing online: Photos sent to a stranger or scanned documents posted on social media can come back to bite you. You or family members might become victims of extortion, or scammers might use such information to create a convincing cover story to extract money from you or your friends. What gets posted online can be very difficult, if not impossible, to remove.