Kaspersky reports on spam and phishing attacks in the guise of sale events in 2021


MANILA, Philippines – Nothing grabs anyone’s attention more than the four-letter word, “SALE.”

It used to be that Filipinos had to wait for yearly mega sale events to get the best price for that shirt or kitchen tool they’ve long been wanting to buy. With frequent seasonal sale events that take place these days through digital platforms, customers would always find a reason to shop for everything from gadgets to groceries to plants.

But when there’s an online activity, cybercriminals will not be far behind.

Phishing remains an effective way to lure online shoppers into handing over their personal data and financial information to cybercriminals. Well-known brands in the retail and banking sectors are most often used as bait.

One common tactic that hackers use is sending out mass amounts of fake promotional materials disguised as legitimate messages from retailers through email or social network sites. Once you click on the link to view a seemingly too-good-to-be-true offer, you will be redirected to a malicious site instead of the retailer. This will put your device and financial information at risk while the malicious link will spread itself to all your friends to victimize them, too.

In 2021, Kaspersky products detected more than 40 million phishing attacks globally targeting e-commerce, e-shopping platforms and banking institutions. The introduction of more e-payment systems and its popularity among customers for unmatched convenience also attracted cybercriminals that financial phishing attempts targeting e-payment systems more than doubled last year —an increase by 208%.

In Southeast Asia, the Philippines recorded the highest number of users exposed to phishing attempts in 2021 at 9.90% followed by Malaysia (8.49%) and Thailand (7.93%). Singapore was monitored to have the lowest number for this type of threat (3.30%).

However, data from Kaspersky showed last year that the Philippines experienced a 38.31% decrease in the number of users exposed to phishing attempts compared in 2020 at 16.05%.

“The lesser number of phishing attacks does not necessarily mean our data and online finances are safer. Decrease in number of attacks are observed last year across different threats such as mobile malware and phishing. This is because “spray and pray” is not the preferred method for cybercriminals anymore. Our data shows that they are now opting for a more targeted approach, aligning their attack with the current local trends and holidays, and even making personalized phishing email or fake websites, and delivering them to their targets,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“Since the pandemic, online shopping and e-payments have been embraced by Filipinos. So, we urge Filipinos to be on guard especially towards sales announcements delivered through emails, text messages, social media posts, or even calls. Threats can come from anywhere, but we can protect ourselves with vigilance and a robust security solution installed in our devices,” he adds.

According to Kaspersky, no matter who the victim is or how sophisticated the phishing scam may be, there is always a way to sniff out fraud before it’s too late.

In Kaspersky’s recent study, eight out of 10 Filipinos surveyed said they are now aware of digital payment scams. This is good news because vigilance against cyberattacks starts with becoming aware about risks.

To avoid getting scammed, you need to know what to watch out for. As you wait for the next online sale event, here are 10 ways you can do to stay safe and secure while shopping online:

  1. Type the URL directly into the address bar. It may take a little more effort, but this simple action can help to prevent you from visiting a fake or malicious website. Shortened URLs, often used because they are phone-friendly, can also trick you into visiting risky sites. With the new memorandum from the Bangko Sentral ng Pilipinas, clicking on malicious links would hopefully be avoided.
  2. Use a credit card. Your purchases will usually be insured and disputes are easier to settle when using a credit card than a debit card. Use a separate card dedicated to online shopping with a low limit. Or opt for a prepaid credit card that is not connected to your savings account. Some banks also offer virtual credit cards which generate a random account number for each purchase, preventing hackers from using the number again.
  3. If possible, dedicate a device and email address to online banking and shopping. By avoiding the use of the same computer for other internet activities such as browsing, social networking, emailing, and downloading, you create a “clean” computer. A dedicated email address will limit the number of spam messages you receive and reduce the risk of opening potentially malicious emails disguised as sales promos and other notifications.
  4. Be wary of coupon or freebies sites. Scammers use the lure of great deals to con bargain hunters. Watch out for sites that ask you to create a lengthy profile with really personal information.
  5. Manage and protect your online passwords. You can use a password manager to help. Some security solutions like Kaspersky Total Security include password management and password security features which would come in handy if you’re struggling with remembering passwords for all your online accounts.
  6. Avoid using public WiFi. Using free WiFi provided by coffee shops, hotels, restaurants and other public areas to sign into your private account is a security risk. Savvy hackers could hijack the WiFi signal or set up their own to trick you into using it then they can see everything you do on your device. If you need to access the Internet when shopping, it’s safer to do so via your mobile phone network. If using a public network is the only option, make sure to install a virtual private network (VPN) first so that your data will be encrypted and hackers can’t intercept it.
  7. Stick to familiar brands you know or have heard of. Where possible, try to buy from retailers you know, especially those with a good reputation. If you’re buying from a new vendor, research it carefully. A good test is to see if you can contact the seller — look for an email, phone number or address plus a returns policy. A vendor’s feedback history/online reviews is another indicator of reliability and integrity.
  8. Always log off after shopping online. Do this especially if you share a computer with someone else.
  9. Use a reliable security solution. Choose one that has behavior-based anti-phishing technologies such as Kaspersky Total Security which will notify you if you’re visiting a phishing website. Having one is also a safety net as it can catch your accidental slips especially when you’re shopping last-minute and internet safety is no longer the first thing on your mind.
  10. Read your credit card statements. Go through them and check for unauthorized charges. Report it immediately to your bank if there is anything unusual.

To learn more about Kaspersky 2021 spam and phishing reports: https://securelist.com/spam-and-phishing-in-2021/105713/