Phishing threat in messenger apps

Phishing is the most effective trick used by cybercriminals to reveal your credentials, such as credit card number, account number or login name and passwords.

Phishing threat
Photo by Mikhail Nilov @Pexels

Phishing attempts in Malaysia targeting payment system, remains the most used trick to scam internet users.

According to Kaspersky‘s fresh data, March recorded the highest detections of this threat at 41.09 per cent.

February 2022 witnessed the cybercriminals eyeing to victimise users through banking, payment system and online shopping, at 52.43 per cent, just 1.57 per cent lower than overall Southeast Asia region in terms of finance-related phishing attempts.

What is Phishing

Phishing is a fraudulent attempt, usually made through email, to trick you to reveal your credentials to the attacker.

Phishing emails usually appear to come from a well-known organization and request for your personal information such as credit card number, account number or login name and password.

In Malaysia, most of the phishing attacks detected target internet banking users and tricks them to reveal their credentials.

Phishing has remained to be the most effective trick on cybercriminals’ sleeves. It is a known way to crack into a user’s or even a company’s network by playing on a user’s emotions.

Banking and payment system phishing attempts

Photo by Cottonbro @Pexels

Kaspersky said banking and payment system phishing attempts may have been lower since the April 2022.

This was the announced start of Malaysia’s border reopening to international travellers, as well as for Malaysians to travel abroad without the need to quarantine.

However the online shopping phishing attempts went up in April to 8.67 per cent, with the possibilities of many looking into online deals that may have promised lucky draws.

Phishing data since 2021

Kaspersky analyzed anonymized clicks on phishing links across messenger apps and found that between December 2020 and May 2021, 91,242 detections were recorded globally.

See also  NCIA supports Budget 2025’s vision for growth

The biggest share of detected malicious links during the 6-month period were sent via WhatsApp (89.6%), followed by Telegram (5.6%). Viber is in third place with a share of 4.7% and Hangouts has less than one percent.

Phishing threat
Photo by Pixabay

Countries experiencing the highest number of phishing attacks were Russia (46%), Brazil (15%) and India (7%). Globally, 480 detections were recorded per day. 

Kaspersky Internet Security for Android detected the biggest number of malicious links in WhatsApp, partly due to the fact that it is the most popular messenger globally.

The biggest share of such messages was detected in Russia (42%), Brazil (17%) and India (7%). Telegram had the least amount of detections, but was similar in geography to WhatsApp.

The biggest number of malicious links were detected in Russia (56%), India (6%) and Turkey (4%). High figures in Russia are probably due to the increased level of popularity of this messenger in the country.

Vulnerable applications

Based on statistics, Viber and Hangouts received a smaller number of recorded detections. The key difference between them is regional representation.

The biggest number of detects in Viber was identified mostly in Russia with 89%, and the CIS countries – Ukraine 5% and Belarus 2%, and the majority of Hangouts’ detections were from the USA (39%) and France (39%).

In terms of the number of phishing attacks recorded per user on WhatsApp, Brazil (177) and India (158) led the way. At the same time, Russian users have become leaders in the number of detections on Viber (305) and Telegram (79) compared to other countries.

Phishing threat
Tatyana Shcherbakova, senior web content analyst at Kaspersky.

Tatyana Shcherbakova, senior web content analyst at Kaspersky said scammers have the ability to use the built-in functionality of applications to carry out attacks.

See also  Indie Jam 2024 celebrates Southeast Asian indie games

“Vigilance combined with anti-phishing technologies form a reliable tool in the fight against phishing in messenger apps,” she said.

Kaspersky has provided the following tips to reduce the risk of falling foul of scams and receiving malicious links across messenger:

  • Be vigilant and look for irregularities or misspellings in links.
  • Be aware and don’t share any suspicious links with your contacts. A ‘chain scheme’ is common practice, where a scammer asks a user to share the malicious link that appears legitimate to his contacts, as it is from a person they know.
  • Scammers often use WhatsApp and other messengers to communicate with users who were found on a legitimate resource (e.g. various marketplaces and accommodation booking services) and also use them as a method of communication in malicious messages. Even if messages and websites look real, the hyperlinks, most likely, will have incorrect spelling, or they can redirect you to a different place.
  • Even if a message or letter came from one of your best friends, remember that their accounts could also have been hacked. Remain cautious in any situation. Even if a message seems friendly, be wary of links and attachments.
  • Install a trusted security solution to stay secure.
Avatar photo

Thomas Tan

Thomas Tan joined CJMY in 2011. At the second annual conference in Johor Bahru, he received the 'Best Article 2011' Award. To date, he has published over 1,000 articles on community events and various topics.