Fraud in Focus – The impact of phishing, pharming, and whaling on SMBs

As the digital landscape expands across the Asia Pacific region, small and medium-sized businesses (SMBs) are increasingly adopting digital payments to drive growth. Cards and digital wallets have become popular payment acceptance methods, reflecting the shift towards digital commerce.¹ This adoption aims to improve consumer experiences, reach new market segments, reduce costs, and more. However, this SMB growth also brings more attention from fraudsters.

Recent data reveals that 44 per cent of businesses in Asia Pacific have encountered phishing, pharming, and whaling attacks last year.² This underscores the prevalent threat landscape these businesses, including SMBs, face. Understanding and mitigating these threats is crucial for ensuring the sustainability and security of digital transactions in the region.


Understanding phishing, pharming, and whaling threats

Phishing, pharming, and whaling are sophisticated threats that rely on impersonation and deception to breach security measures. Phishing involves deceptive communications, typically via email, designed to steal sensitive information such as login credentials or financial details. Attackers often masquerade as trusted entities, making it difficult for victims to distinguish between legitimate and fraudulent messages.

Pharming is a type of phishing attack that redirects users from legitimate websites to fraudulent ones, capturing personal data such as usernames, passwords, and credit card information. Such attacks can occur without the victim’s knowledge, making them particularly insidious.

High-profile individuals within an organisation are often the targets of whaling attacks. With specially crafted messages, fraudsters aim to access high-value information or financial assets. This variant of phishing attacks is often personalised and convincing, making them highly effective.

By masquerading as legitimate inquiries or directives, these attacks can lead to unauthorised access to sensitive business systems. For example, a successful phishing attack may compromise an employee's login credentials, allowing attackers to infiltrate secure areas of a business's network. 

Financial losses are among the most immediate and severe consequences of these types of fraud. In 2023, 3.6 per cent of orders accepted by Asia Pacific businesses were fraudulent.³ This incurs revenue loss and additional costs such as fines for data breaches, compensation claims, and dispute resolutions. Beyond the financial impact, a successful fraud attack can significantly harm an SMB's reputation. When fraud occurs, particularly through sophisticated schemes like whaling, it can erode trust and loyalty, leading to a decrease in the consumer base, reduced sales, and difficulties in attracting new business.

Three SMB strategies to fight against fraudsters

1. Improve brand visibility and authenticity

Establishing a consistent brand image across all digital platforms, including social media, email, and official websites, is essential to fighting phishing, pharming, and whaling. SMBs must develop and communicate clear protocols to help consumers distinguish between genuine websites and potential counterfeits by providing visual examples and warning signs of fake websites. Partnering with trusted payment networks, like Visa, also helps boost trust and authenticity. SMBs can participate in programmes like Visa Secure, showcasing that their payment acceptance is secure by displaying badges.⁴ In this way, consumers will be assured that their transactions are protected on Visa’s payment rails and buy more from participating SMBs in the future.  

2. Bolster data protection

SMBs can protect data through a variety of means. These can involve implementing solutions and processes to protect consumer data at rest and in transit. One way is to make consumer data useless to bad actors without the right context. Through technologies like tokenisation, data is replaced with tokens that are useless to fraudsters if intercepted, enhancing the security of online transactions. SMBs can work with reputable payment networks to gain access to solutions like Visa Token Service to improve authorisations and gain consumer loyalty.⁵  Payment networks can also provide SMBs with end-to-end encryption to secure data transmission, effectively preventing unauthorised access to consumer information during payment processing. 

3. Selecting trusted sales channels and platforms

To protect sellers and consumers against fraud, SMBs should choose well-established e-commerce platforms with robust security measures. Trusted platforms offer built-in protections that shield SMBs from fraud. These platforms integrate with reliable networks and have in-house fraud prevention measures, alleviating the burden on SMBs to manage all aspects of fraud prevention themselves. This enhances security and allows SMBs to focus on their core business activities, knowing that advanced fraud prevention systems are in place. Additionally, these platforms often provide continuous monitoring and updates to address emerging threats, ensuring ongoing protection. SMBs should also regularly audit sales channels to ensure they comply with industry standards for security and privacy, maintaining trust and integrity in the buying process.

As SMBs in Asia Pacific increasingly adopt digital payments for growth, they must increase their vigilance against sophisticated online frauds like phishing, pharming, and whaling. These threats pose significant operational, financial, and reputational risks. To mitigate these risks and future-proof against evolving fraud tactics, SMBs must implement comprehensive strategies that enhance brand recognition, bolster data protection, and select trusted sales channels. These strategies allow SMBs to safeguard their operations, maintain consumer trust, and ensure sustainable growth in the digital economy.

¹ Visa, Enhancing Small and Medium-Sized Business (SMB) Financial Security and Fraud Prevention, 2024.

² Visa, Enhancing Small and Medium-Sized Business (SMB) Financial Security and Fraud Prevention, 2024.

³ Visa, Enhancing Small and Medium-Sized Business (SMB) Financial Security and Fraud Prevention, 2024.

⁴ Visa, Online shopping secured with Visa, accessed May 2024.

⁵ Visa, Visa Token Service, accessed May 2024. 

Enhancing SMB cybersecurity and payment fraud prevention

Read our second research paper for insights to keep small businesses secure