Cybercriminals are after bonuses, refunds, other targets — report

August 8, 2023 - 6:50 PM
Google Mail
Stock photo of Gmail, Google's e-mail service. (Unsplash/Stephen Phillips of

Bonuses, refunds, and compensations are popular targets of cybercriminals in Southeast Asia in 2022, a new report by a cybersecurity firm revealed.

Kaspersky, a leading cybersecurity firm, recently released a report that detailed the key phishing topics, trends and campaigns in Southeast Asia last year.

In its report, the company found that the key phishing topics in the region were related to individuals’ bonuses, refunds, and compensations last year amid times of financial crisis in the region.

It also noted that bonuses and compensations to cover expenses were difficult to refuse during this difficult period.

These topics and trends were among the targets of cybercriminals to effectively develop their social engineering technique for potential victims.

“Cybercriminals follow trends. They know the latest topics they can effectively piggyback on. It’s a social engineering technique that plays on our human minds, that’s why it’s difficult to resist clicking an unknown link, which may eventually turn out to be malicious,” Adrian Hia, managing director for Asia Pacific at Kaspersky, said.

Kaspersky further noted that cybercriminals also took advantage of the regional surge in costs of utilities and basic commodities.

In the report, the firm explained that cybercriminals created fake web pages that mimicked the ones from government agencies.

“Cybercriminals attempted to take advantage of the situation by creating web pages that mimicked government websites, promising cash for covering utility payments or compensation for utility expenses. Visitors were occasionally asked to provide personal details under the pretext of checking that they were eligible, or simply to fill out a questionnaire,” it said.

Specific cases

Kaspersky cited schemes involving charity packages purportedly under a “Ramadan Relief” program in Muslim countries.

Scammers targeted low-income families during the fasting period.

Below is a screenshot of a fake Ramadan Relief Package that was posted on a social media platform.

Scammers offered a refund of water supply costs (Released)

In Singapore, meanwhile, Kaspersky detected fake offerings of refunds of water supply costs.

Scammers used Singapore’s water supply authority to entice victims.

Scammers promised to send charity packages – Ramadan Relief program (Released)

In a statement, Hia cited that Kaspersky’s detection system managed to block over 43 million phishing attacks against Southeast Asian users last year.

“Because its nature requires a user’s participation – the mere clicking a link or opening of a file – it’s urgent for everyone to know how phishing really works so we can avoid falling prey to it,” he said.

How a phishing campaign unfolds

Kaspersky also saw an increase in targeted phishing attacks against businesses via a succession of emails.

In the report, the company detailed the step-by-step process of this phishing scheme. It mainly involves suspicious business emails and attacked links.

For awareness and prevention, the steps are:

  1. Attackers send an email in the name of a real trade organization requesting more information about the victim company’s products.
  2. After victims respond to a first email, attackers send a new message, asking them to go to a file-sharing site and view a PDF file with a completed order, which can be found via the link.
  3. By clicking the link, the user is taken to a fake site generated by a well-known phishing kit. It is a fairly simple tool that generates phishing pages to steal credentials from specific resources.
  4. When victims attempt to log in, their usernames and passwords are sent to https://pbkvklqksxtdrfqkbkhszgkfjntdrf[.]herokuapp[.]com/send-mail.