Filipinos are known for being fashion-conscious and for their world-class beauty but how are they in terms of being cyber savvy? An online survey by Kaspersky Lab showed Filipino Internet users still commit cybersecurity mistakes that make them at risk of the ever-present threats online.
The global cybersecurity company tested the cyber savviness of 18,000 Internet users from 16 countries, including 1,394 from the Philippines. Respondents, who are all over 18 years old, answered questions which determined their online habits and cyberthreat awareness. Final scores were categorized based on Kaspersky Lab’s experience in combating cyber threats.
Users who chalked up over 137 points are the safest as they are cyber savvy enough to know the rules of safe behavior on the Internet and make the right decisions. Netizens who got 113-137 ratings are secure — they make some dangerous mistakes online but generally behave carefully and safely online. Those who scored 75-113 are averagely at risk. This means that they are able to identify only half the cyberthreats they encounter.
Survey respondents who gained scores below 75 show very threatening online behavior as they cannot recognize cyberthreats and do not consider such issue as an important matter.
Filipino respondents scored 97 over-all, two points higher than the global average of 95 but well within the at risk group. This means almost half of respondents from the Philippines were not able to identify the cyberthreats they encountered, making them vulnerable to cyberthreats.
Survey results showed one of the harmful online habits of nearly half (49.4%) of Filipino Internet users is keeping applications they don’t use, even those that were left unused for a long time. The Philippines ranked the worst in this category among the 16 countries included in the survey. The global average is just 37%.
This seemingly little mistake can serve as an accessible entry for cybercriminals looking for prey, according to one of Kaspersky Lab’s security experts.
“Keeping unused applications on their devices is a common mistake for Filipinos. It is a dire error to leave apps with old software stocked on your devices because these applications have outdated programs which may become a widely open door that cybercriminals can exploit easily. These old apps can be used to turn your beloved devices against you,” says Anthony Chua, Territory Channel Manager for the Philippines and Singapore at Kaspersky Lab Southeast Asia.
The online survey also asked respondents to select what they would do if they received an email from the ‘tax office’ with the attached Word document “Information about your unpaid fines.” Such frightening or arresting emails often contain malware masked under common harmless formats like the text format.
This technique of sending emails carrying infected word attachments is used by a Trojan named Locky, a ransomware discovered by Kaspersky Lab just last February, which is still actively propagating in 114 countries worldwide, including the Philippines.
Although majority of Filipinos did not fall for this trick, there are still nearly two (16%) in every 10 respondents who chose to open an attached file without scanning it with an online security solution. In this category, the Philippines scored the second worst after India with 19%. The global average is just 9%.
In an earlier report, Kaspersky Lab also revealed the same survey showed a great majority of Filipino internet users are vulnerable to phishing attacks online as only 11% or 1 out of 10 netizens can identify a safe web page.
Kaspersky Lab tested the ability of respondents to distinguish a fake page against a genuine page by letting them choose one of four offered web pages on which they would freely enter their personal information.
Three out of four pages were screenshots of phishing pages detected by Kaspersky Lab experts on the Internet. Special samples were selected for each country and for the Philippines, Kaspersky Lab used Facebook, the leading social media platform in the country.
The survey discovered 72% of Filipino respondents couldn’t distinguish a phishing Facebook page against a genuine one. This is the second worst score following Mexico’s 84%. The global average is 58%.
“Filipinos are known as one of the most active social media users. There are currently over 47 million active Facebook accounts* from the Philippines and cybercriminals are very aware of this. While Facebook has its own perks, simple attacks like phishing happen as it essentially plays on an Internet user’s carelessness. If Filipinos continue to be unmindful when using social media platforms, then it shouldn’t be surprising if more cases of scams and identity theft arise,” warns Chua.
How to avoid phishing?
Unfortunately there is no real cure for phishing attacks aside from paranoia-level vigilance of an Internet user. It’s easy to get infected. But here are 10 tips from Kaspersky Lab on how users can protect themselves:
Always check the link, which you are going to open. If it has some spelling issues, take a double-take to be sure — fraudsters can try to push on a fake page to you.
Enter your username and password only when connection is secured. If you see the “https” prefix before the site URL, it means that everything is OK. If there is no “s” (secure) in the prefix, then beware.
Even if you’ve received a message or a letter from one of your best friends, remember: they could also have been fooled or hacked. That’s why you should remain cautious in any situation.
The same applies to the emails from official organizations, such as banks, tax agencies, online-shops, travelling agencies, airlines and so on. Even from your own office. It’s not that hard to fabricate a fake letter that looks like a real one.
Sometimes emails and websites look just the same as real ones. It depends on how decently fraudsters did their “homework.” But the hyperlinks, most likely, will be incorrect — with spelling mistakes, or they can address you to a different place. You can look for these tokens to tell a reliable site from a fraud.
It’s better not to follow links in such letters at all. Instead you can open a new window and enter the URL of your banks or online shop manually. In this case you’ll not miss a discount or a special offer (if there is one) — and will not become a fraudsters’ victim.
When discovering a phishing campaign, you should report it to the bank (if the fraud imitates the bank emails) or to the support desk of your social media network (if malicious links are sent by one of the users) and so forth. This really helps to catch criminals.
If you can, don’t log in to online banks and similar services via public Wi-Fi networks in cafes or on the streets. It’s better to use mobile connection or wait a bit than lose all the money on your credit card. The thing is that these networks can be created by fraudsters, who spoof website addresses during the connection and thereby redirect you to a fake page.
Files sent by your massively multiplayer online role-playing game (MMORPG) comrades may be malicious ransomware or even spyware, just like attachments to messages and emails. So be vigilant!
Install reliable Internet security solution and follow its recommendations.