Thailand Law Library

by Thailand Lawyer

Phishing is a technique used by online scammers to acquire your sensitive information in order to access your finances or even steal your identity. Scammers use text messages, emails, and fake websites to “phish” for your passwords, PINs, or other valuable information. These well-disguised messages and webpages appear legitimate but trick you into clicking links, opening attachments, or entering private details which ultimately allow scammers to access your accounts and steal money. 

Phishing scams in Thailand have become increasingly prevalent as fraudsters develop new technologies and methods like deepfake AI images and videos. Here, we will examine how these scammers operate in the Kingdom, and what you can do to avoid falling victim to phishing or at least mitigate the damage if you’ve already been scammed.

Types of Phishing Scams in Thailand

Phishing scams involve fraudulent communications, often in the form of emails, text messages, or websites that appear legitimate. Scammers pose as trustworthy entities such as banks, government agencies, or well-known companies, to trick you into providing sensitive information. 

Email Phishing

Email phishing is the most common form of cyberattack, with nearly half of all sent emails worldwide being phishing attempts. Scammers send emails that appear to be from reputable businesses or government agents asking you to enter your login details, provide sensitive personal or financial information, or make a payment. Phishing emails often contain some of the following elements to watch out for: 

• Spoofed Email Addresses: Scammers use email addresses that closely resemble legitimate ones, often with minor variations that can be easily overlooked. Read the address carefully to ensure the email is from an official source.
  
• Untrustworthy Links: Like the sender’s email address, phishing emails may contain links that lead to fraudulent websites with URLs that seem legitimate but are not official sites. Hover your mouse over the link before clicking to check that it matches the email text.
  
• Malicious Attachments: Emails may include attachments disguised as invoices, reports, or other important documents. Be careful when opening attachments as they may install malware on your device.
  
• Urgent Language: Phishing emails often use urgent language to prompt you to act quickly without verifying the authenticity of the message. Scammers may threaten account suspension, unauthorized transactions, or security breaches to create a sense of panic. 

Smishing (SMS Phishing)

Also known as SMS phishing, smishing (or mishing), is similar to email phishing but instead, scammers contact you through text or social media messages. These scammers may text your phone directly or impersonate a trustworthy individual or business on apps like Line, Messenger, or WhatsApp. Smishing is particularly common among e-commerce scammers in Thailand who advertise fake online shops on social media sites and applications. 

Watch out for the following signs of a smishing scam:

• Unsolicited Texts: These fraudulent messages often contain links to malicious websites or prompt you to reply with personal information. Unsolicited messages requesting sensitive information are usually a red flag. 
• Urgent Requests: Like email phishing, smishing messages use urgent language to prompt quick action. They may claim there is a limited-time offer, delivery issues, suspicious bank account activity, or other urgent matters.
  
• Shortened URLs: The use of abbreviated URLs in text messages can make it difficult to verify the legitimacy of the link, increasing the likelihood that you will click on it. Be careful when opening any links from unverified sources.

Vishing (Voice Phishing)

When scammers contact you over the phone or video call to steal your information, this is referred to as voice phishing or vishing. Vishing scammers may converse with you directly or leave voicemail messages to avoid personal interaction. Alternatively, with new deepfake technologies, they may call you while impersonating the voice or image of another individual to gain your trust. 

Vishing in Thailand commonly involves:

• Impersonation of Authorities: Scammers convincingly impersonate bank representatives, immigration officials, police officers, and other trustworthy individuals or authority figures to appear more reputable.
  
• Manipulation Techniques: Criminals aim to manipulate you and exploit your sense of fear or urgency by threatening to freeze your accounts or pursue legal action. To avoid these fabricated consequences, they demand verification of account details, passwords, or personal identification numbers (PINs) which they can use to steal your money.
  
• Caller ID Spoofing: Scammers manipulate caller ID information to make it appear as though the call is coming from a real source. They may use a real human voice or a pre-recorded robocall. 

Current Phishing Trends in Thailand

Phishing attacks in Thailand are becoming increasingly sophisticated with the use of advanced techniques to bypass security measures and deceive even the most tech-savvy of people. Since the COVID-19 pandemic, phishing scams in Thailand have surged as more people engage in online activities. Scammers have exploited this increased digital dependency, targeting users with fraudulent, unsolicited communications and fake e-commerce sites. 

Scammers posing as delivery companies, online stores, and payment systems account for more than half of phishing links. Perhaps surprisingly, the most vulnerable demographic is younger adults aged 25 to 34. Their heavy reliance on smartphones for shopping, banking, and social media makes them particularly vulnerable to these attacks.

Impact of Phishing on Individuals and Businesses

Falling victim to a phishing attack can have severe repercussions for both individuals and businesses. You could suffer financial losses, identity theft, and emotional distress. Businesses face additional challenges, including compromised security from data breaches or fiscal losses, diminished customer trust, and potential legal ramifications. The consequences can be devastating, especially for smaller and medium-sized enterprises that may lack sufficient cybersecurity measures.

Recognizing and Avoiding Phishing Scams in Thailand

Phishing attacks use convincing tactics, including stolen logos and professional-looking emails to assure you of the validity of the communication. However, some signs give away an illegitimate message. Take the following steps to confirm a message is safe: 

• Verify the sender’s name and address through official channels.
• Hover over links before clicking to make sure they match the intended destination.
• Look for spelling and grammar errors and unprofessional formatting.
• Be wary of unexpected attachments which may contain malware.
• Check if the greeting and content are overly generic.

To further protect yourself from scams:

• Educate yourself on new phishing and scam techniques, how to recognize them, and how to respond appropriately.
• Use strong cybersecurity measures such as multi-factor authentication, email filters, regular security updates, and anti-phishing software.
• Never share sensitive information through email, including account details, credit card numbers, email addresses, passwords, or identification documents. Always log in to your accounts directly through official websites.
• Report suspected phishing links to relevant entities such as the police and the business being impersonated.

What to Do if You Fall Victim to a Phishing Attack

Phishing attacks in Thailand are becoming increasingly sophisticated, making it difficult to avoid them entirely. If you suspect you’ve clicked on a fraudulent link, text, or website, or inadvertently shared sensitive information, take these steps to protect yourself:

1. Scan your device for malware using antivirus software.
2. Immediately change all your passwords, PINs, and security questions.
   
3. Report the incident to the:
   • Thai Tourist Police at 1155.
   • Anti-Online Scam Center (AOC) at 1441.
   • Business or individual impersonated by the scammer (if applicable).
   • Safe Browsing team at Google.
     
4. Contact your bank to alert them that you have been targeted by a phishing attack and see how they can help.
   
5. Closely monitor your online accounts for future suspicious activity.
6. Seek legal assistance from lawyers who handle fraud cases in Thailand to learn how they can help you reclaim your losses and pursue legal action against the criminal(s).