What do you do when your CEO emails you with an urgent request?
You immediately do what he says, of course.
This behaviour, however, is the exact reason why employees in Singapore are falling prey to CEO email scams that put the company’s data and funds at major risk.
Among 11 Southeast Asian countries, Singapore recorded the highest number of business email compromise (BEC) scams last year, according to a report published on Monday (March 11) by cybersecurity firm Trend Micro
BEC scams involve hackers impersonating a company’s CEO over email, then writing to employees requesting information or funds.
The report did not reveal the exact numbers, but said Singapore accounted for 27.3 per cent of all BEC fraud cases in the region.
The countries with the next-highest number of BEC scams were Malaysia (26.1 per cent) and Indonesia (25 per cent).
BEC attacks, which “capitalise on the human desire to respond to urgent requests from authority,” are a “pressing issue” among Singapore-based companies, Trend Micro said in a statement.
It added that BEC scams often go undetected by security measures, because they do not use malware. Instead, employees willing hand over data, system access, or whatever the hacker has requested.
On average, a successful BEC attack can net hackers about S$177,000 (US$130,500), Trend Micro said.
It added that the global number of BEC attacks last year had also increased by a third.
Trend Micro’s vice president for Southeast Asia and India, Nilesh Jain, said that attackers previously relied on “spray and pray style attacks”, but were increasingly using targeted emails, which were proving effective at fooling victims.
Jain suggested that to defend against these attacks, companies should install software that analyses the email writing style of key executives to detect if an email is fraudulent.
Apart from BEC scams, Singapore was also the most vulnerable country in SEA to malicious URLs, with the republic accounting for nearly 70 per cent of this type of cyberattack in the region.
Malicious URLs are links that download and infect a device with malware when clicked on.
In Singapore, over 3 million malicious URLs were hosted locally, and over 15 million victims fell prey to these URLs, the report said.