Part 2: Latest Phishing Trends in the Philippines

In the first article, we discussed the latest phishing trends seen in the Philippines. We learned that threat actors are looking for quality tools to carry out their schemes. Cyberint experts observed that hackers in the Philippines continue to use traditional end-to-end processes but have also expanded to more advanced techniques such as OTP Bypass and Email Checker.

Phishing can seemingly be simple and harmless but the effects can be truly devastating to victims. This method is arguably the most dangerous and effective cyber-attack out there. According to statistics, 91% of cyberattacks begin with phishing scams. It is simple, effective, and has high returns for cybercriminals, making it one of the more favorable methods for them.

So how can you protect yourself and your company? Here are some recommendations from our partner Cyberint:

Cyberint Defense Recommendations

1. Redesign the current login page into a design that is harder to replicate to render old phishing kits obsolete. It is also important to implement a phishing beacon in a system to help detect phishing pages faster.
2. Distribute persistent social media and email advisories for security awareness
3. Implement stricter validation of KYC (Know Your Customer) file submitted by customers
4. Password hygiene for all customers
5. Implement an anti-bot mechanism and error message management on the login page to deter email checkers
6. For True Login, Cyberint experts suggest the following:
   1. Improve phishing detection abilities
   2. Improve takedown process
   3. Regular API check-up
   4. Regular rotation of public key and UUIDs
   5. Upon detection of a threat actor, analyze related details (Phishing website, sender, kit, etc.)
7. For OTP Bypass, Cyberint experts suggest the following:
   1. Regular tabletop/ testing
   2. Thorough application QA testing
   3. Rigorous app security
8. For Real-Time Messaging, Cyberint experts suggest the following:
   1. Security awareness for phishing, vishing, and smshing

In Summary

 This webinar shows the hostility of the current environment that we live in.  Cybercriminals today are an ecosystem that preys on small and large businesses around the world, generating billions of dollars a year. Companies can protect themselves with advanced security technology and detailed cybersecurity plan. Adding another layer of protection such as Multi-Factor Authentication to a system can greatly reduce the risk of a compromise. Cyberint described it as  “security in-depth” which is a system that has multiple security mechanisms that complement each other and does not rely on just one single mechanism.  With that being said, a crucial step that companies overlook is educating employees on security awareness and the dangers that are present on the web.

As one of the Cyberint experts said,  “If your company employees are aware of what is happening out there, it can actually prevent it from happening to them. These threat actors exploit the weakest link in the system, which is the human factor, and if your employees are aware of these threats,  that’s a good thing.”

For more information or inquiries, contact us now and find out more effective ways to keep your company safe.

About IPV Network

Since 2016, IPV Network has been a trusted partner of leading enterprises in the Philippines. It brings the best-of-breed cybersecurity solutions. IPV network helps businesses identify, protect, detect, respond, and recover from cyber threats. Email us at [email protected] or call (02) 8564 0626 to get your FREE cybersecurity posture assessment!