Asia is one of the most internet-connected regions in the world with 1.6 billion users. The opportunity organisations has to find customers digitally is huge.

However, there’s a downside to all that connectivity: the risk of hacking and other IT security threats. Up-to-date anti-virus software can help fight malware but preventing employees and others from making security mistakes can be harder. Hackers and criminals know this. They have ways to trick people into giving up information they shouldn’t.

According to web professional community SitePoint, these kinds of attacks are often “more dangerous than traditional threats and can go unnoticed”. The end result is often hackers with access to data only company employees should know.

While these kinds of attacks can come in many forms, SitePoint warns, “the common thread is that they involve an attacker posing as a legitimate party”.

“Whether it’s a bank, IT company, manager or even a colleague, these are the types of attacks that are difficult (if not impossible) for software to detect.”

Understanding the Phishing Threat

‘Phishing’, for example, involves fake emails designed to look authentic so the recipient submits confidential information or clicks on a malicious link. Spear phishing is a more targeted form that’s aimed at a specific individual or business.

Once criminals who go phishing gain inside information, they can send legitimate-looking business emails to other potential targets.

According to Greg Aaron, senior research fellow at an organisation called the Anti-Phishing Working Group: “All businesses should assume that they have been researched by a criminal.”

Aaron adds: “Beyond phishing for bank account details, we have seen that attackers adopt numerous tactics to solicit email address and password combination[s] from employees.”

Another trick to watch for is scareware, which makes people believe they have mistakenly launched a virus or infected file. After that, the scareware tries to frighten them into paying for a ‘fix’ that is actually itself malicious.

Asian businesses should be especially vigilant to the risks of phishing and other such sneaky attacks, as the region – along with Latin America – saw the highest rates of malware infection last year. One recent study, for instance, found that four in 10 people surveyed across Asia have fallen victim to some kind of internet scam, with instances of identity fraud most common in Singapore.

Staying Safe

So how can organisations protect themselves against phishing and similar attacks?

Staff education and regular training can help raise your workforce’s awareness of risks. Employees should have clear guidance on what types of information they should share with others online – and with whom. Those responsible for HR and finance may be particular targets.

In addition, people should be suspicious of emails from unfamiliar sources or messages asking for sensitive employee or financial information. And if they receive such messages, or believe they might have clicked on a suspicious link, they should immediately report the incident to the IT department.

The earlier a problem is identified and reported, the better. Businesses of all sizes need to stay alert.

The opinions expressed by the writers and those providing comments are theirs alone, and do not reflect the opinions of Fuji Xerox Smart Work Innovation, or the management. Fuji Xerox Smart Work Innovation is not responsible for the accuracy of any of the information supplied by the writers.