
Lost Business to Phishing? Check out How to Recognize and Avoid Phishing Emails!

By Cloudmatika 02 May, 2025

Recently, phishing methods disguised as business emails have become more sophisticated, and the number of cases of attacks targeting corporate information assets has skyrocketed. Emails with subjects such as "Payment Confirmation Request" or "Password Update Notification" look like they were sent from an authorized party at first glance, so many people are caught off guard and end up clicking on links or entering personal data unsuspectingly. As a result, email information leaks and the resulting financial losses are becoming increasingly serious.

In this article, we will fully review one of the real cases that happened to a company, discuss the latest phishing methods used, how to recognize them, and concrete steps that companies and individuals can take to prevent becoming victims.
 

Spam and Phishing Are Getting More Sophisticated - Check out the Latest Cases to Watch Out For!


In recent years, the number of phishing emails posing as legitimate companies or financial institutions has increased rapidly in many countries, including Japan and Indonesia. The methods used are becoming more sophisticated, with the main goal of stealing login information, personal data, or access to the company's internal systems. These attacks pose a serious threat to both individuals and businesses.

In Japan, for example, phishing attacks impersonating Sumitomo Mitsui Bank drew attention from late 2024 to early 2025. The fake email, made to look like it came from the bank itself, contained a warning about account access restrictions and a request to log in immediately. The link in the email led to a fake website that closely resembled the official website, where users unknowingly entered their important data. Similar cases have also occurred with Monex Securities and ANA (All Nippon Airways), which used reward campaigns and mileage programs to lure victims.

In Indonesia, similar phishing schemes have occurred, one of which poses as BCA Bank. Victims receive an email or SMS that appears to be official and contains messages such as: "Your account has been frozen, please verify via the following link." When the link is opened, the user is directed to a fake site that requests KlikBCA login data, OTP code, and ATM card information. The data is then used by the perpetrator to access and drain the contents of the victim's account. Perpetrators target not only financial institutions but also e-commerce platforms such as Tokopedia, sending emails containing false information about prizes or promos and then directing victims to a dummy site to steal login data.

In both Japan and Indonesia, phishers capitalize on users' trust in reputable brands and use a sense of urgency or tempting rewards to get victims to provide personal information. For this reason, it is important for users to always be on the lookout for suspicious messages, verify website addresses, and not carelessly enter personal data through links sent via email or SMS.
 

Why Is It Hard to Recognize? Common Characteristics of Increasingly Sophisticated Phishing Emails

In the past, phishing emails were easy to spot because they usually used strange language or unknown senders. With a sufficient level of literacy, one could easily detect the email as a scam. However, in recent times, the number of increasingly sophisticated phishing emails, such as Business Email Compromise (BEC) or emails aimed at stealing information, has increased rapidly. Even staff with strong IT knowledge often slip up and unknowingly enter their personal information.


The background to this phenomenon is the perpetrators' attempt to create fake emails that "look genuine". Typically, they mimic templates from real companies or financial institutions, and use polite phrases such as "Dear Sir/Madam" or "Thank you for your trust", complete with signatures that include department names or employee names that appear official. Some emails even quote previous conversations, making it even harder to distinguish them from legitimate communications.

Here are examples of sentences that are often found in phishing emails:
  • "There has been unauthorized access to your account. Please login through the following site immediately. Otherwise, your account will be disabled for security reasons."
  • "Your account failed to renew for service ●●. Your card may have expired."
  • "We have an important notification regarding the delivery of your item. Please verify your details via the following link. If verification is not done within the specified time, your shipment will be delayed."
  • "Based on regular checks to improve security, your account requires re-verification. Please follow these steps to complete the verification."


These traits often make victims feel pressured to act immediately, without realizing that they are actually being trapped by a scam.

In addition, it is very easy to change the "sender name" or "sender email address" in an email, so the perpetrator can easily impersonate a real company or organization. Checking that information alone is therefore not enough to judge the authenticity of an email, and relying solely on internal notifications within the company is not enough to prevent phishing attacks.
 

Human Error Can Impact Company Losses? The Importance of Email Security


In recent years, phishing methods have become more sophisticated and pose a serious threat to companies. In particular, a small mistake by one employee can cause huge losses for the entire company.

In 2023, a large company in Japan experienced a case where the email account of one of its employees was hacked, and unauthorized emails were sent from the account. As a result, the company and its business partners received emails containing potentially harmful false instructions. To respond to and investigate this incident, the company had to incur huge costs.

In addition, many reports of business email compromise (BEC) have come in to the IPA (Independent Information Processing Development Organization). In one of them, a company employee caught in phishing sent funds to a fake account several times. This kind of BEC case not only costs companies financially, but also damages their reputation and credibility.

To make matters worse, there have been cases where login information for an internal system management panel was stolen through phishing, allowing perpetrators to infiltrate the system and steal data in what are known as ransomware attacks. For example, in January 2023, a shipping company reported that the device used to manage personal information was infected with ransomware, causing a possible data leak of about 6,000 cases. The cause was weaknesses in the server and the use of passwords that were not strong enough.

In Indonesia, phishing attacks have also caused significant losses to several companies. One of them is a large e-commerce company, Tokopedia, which in 2020 experienced a phishing attack carried out in the name of the company's internal parties.

The perpetrator managed to access the email account of one of the employees and misused it to send false instructions to the finance department and third parties related to the transaction. As a result, company funds were transferred to unauthorized accounts, leading to financial losses and damage to the company's reputation.

A similar case happened to Bank Negara Indonesia (BNI) in 2021, where customers fell victim to a phishing scam that led to a fake website that mimicked the bank's official look. Some customers lost their funds after entering personal information, which caused distrust among customers and forced the bank to improve security systems and educate customers.

These cases underscore the importance of email security and systems that can detect and mitigate increasingly sophisticated phishing threats.
 

Basic Steps to Overcome Spam Emails that Can Be Done Right Now

To protect company information and assets from increasingly severe phishing attacks, multiple security measures are required. Here are three basic steps that can be implemented to minimize the risk of loss due to phishing attacks:

1. Security Training for Employees
Security training for employees conducted only a few times a year is not enough. Employee awareness of security issues needs to be raised regularly.
In addition to the frequency of training, it is important to make the training material more practical. As with disaster prevention training, just knowing the theory of "what to do" is not enough. What matters more is how employees can act calmly and appropriately when facing real risks that require a quick response.
For the spam email problem, one effective method is to send simulated emails that mimic a real attack. This can raise awareness of suspicious emails. After training, it is important to provide further education on how to properly handle fraudulent emails. Through continuous training and education, the opening rate of suspicious emails, such as phishing attacks targeting employees, can be minimized to almost zero.

2. Email Filter Reinforcement
A basic step in terms of technology is to strengthen email filters. Make sure the security software and spam filter features on your email server are up to date so that spam and virus emails are blocked before they are received.
In addition, to prevent emails that impersonate the company domain, implementing and managing sender domain authentication (SPF, DKIM, DMARC) is also very important.

3. Auto Scan Attachments and Links
It is important to implement a system that can automatically scan email attachments and URL links to detect and isolate malware. This way, suspicious attachments or links are automatically blocked before they are opened, reducing the chance of infection due to employee error. This automatic scanning helps reduce risk without relying on human vigilance.
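
The article's point that a sender name or address alone proves nothing, combined with the SPF/DKIM/DMARC measure in step 2, as an added example (not code from Cloudmatika or MailBuster). It reads the Authentication-Results header stamped by the receiving gateway and compares the From domain with the bounce address and a brand allow-list; the gateway name mx.corp.example, the allow-list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: display name imitates a bank, the domain is not the bank's.
SAMPLE = """\
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none; dmarc=fail header.from=examplebank-secure.example
Return-Path: <bounce@bulk-sender.example>
From: "Example Bank Security" <notice@examplebank-secure.example>
To: staff@corp.example
Subject: Your account has been frozen

Please verify via the following link.
"""

# Hypothetical allow-list: brand name -> domains that brand really sends from.
BRAND_DOMAINS = {"example bank": {"examplebank.example"}}

def org_domain(addr):
    # Simplification: last two labels. Real alignment uses the Public Suffix List.
    return ".".join(addr.rsplit("@", 1)[-1].lower().split(".")[-2:])

def auth_results(msg, trusted_authserv):
    """Return {method: result} from the header stamped by our own gateway only."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() == trusted_authserv:
            return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    return {}  # a header from any other host may have been written by the sender

def assess(raw, trusted_authserv="mx.corp.example"):
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, bounce_addr = parseaddr(msg.get("Return-Path", ""))
    results = auth_results(msg, trusted_authserv)
    findings = []
    if results.get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    if bounce_addr and org_domain(bounce_addr) != org_domain(from_addr):
        findings.append("from-returnpath-mismatch")
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and org_domain(from_addr) not in domains:
            findings.append("display-name-impersonation")
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Note that SPF passes in the sample even though the message is a spoof: SPF only validates the bounce domain, which is why the DMARC result and the From alignment are what get checked.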

 

Effective Phishing Email Suppression with Cloudmatika MailBuster

To protect your company's information and assets from phishing emails, we recommend using Cloudmatika MailBuster. Cloudmatika MailBuster works by filtering malicious emails such as spam, phishing, ransomware, and more targeted email attacks when you receive emails. In addition, when sending emails, this system helps prevent your address from being listed on recipient blacklists, keeping your company's brand image intact.

Cloudmatika MailBuster also integrates with major email services such as Microsoft 365 and Google Workspace, so you can mount a layered defense against spam email attacks.

Here are some of the top features of Cloudmatika MailBuster:

Accurate Spam Filter Feature
Cloudmatika MailBuster is equipped with a high-performance, cloud-based spam filter. It can identify and block spam emails and phishing emails with 99.98% accuracy. This prevents unwanted emails from entering your inbox and significantly improves work efficiency.

Automatic Spam Detection with AI
Cloudmatika MailBuster uses self-learning AI that gets more accurate as it is used. The system continuously collects data and analyzes new patterns of spam or malware that appear, so that it can immediately detect and deal with the threat.

Enables Detailed Log Checking from the Management Panel
With the intuitive management panel, which is available in both Japanese and English, anyone can easily check email logs and isolated emails. Regular reports also help you visualize filter conditions and email traffic trends, making it easier to monitor the security situation.

Cloud System that Requires No Installation
Cloudmatika MailBuster is a cloud-based solution that requires no additional hardware or software installation. By using cloud filters, the load on the mail server can be reduced by up to 80%. You only need to replace the mail server's MX record to activate it, without the need for complicated settings. This makes it easy for your IT team to implement and strengthen email protection without much burden.

Outstanding Cost Performance
Cloudmatika MailBuster offers a 1-year subscription starting from IDR 390,000 per month (excluding taxes). At a very competitive price, this solution offers excellent cost performance, ideal for small, medium, and enterprise businesses.

Cloudmatika MailBuster is the perfect choice to protect your company from phishing emails and improve overall email security. In addition, Cloudmatika offers a 14-Day FREE TRIAL so you can experience the benefits

 

Start Email Protection "Now"

As the threat from phishing and other cyberattacks grows, protecting corporate email is no longer an option, but a necessity. Increasingly sophisticated phishing attacks can target any employee in your company, and one small mistake can be fatal to the security of company data and assets.

For this reason, it is important to start email protection measures now. By implementing the right precautions, such as security training for employees, strengthening spam filters, and using tools like Cloudmatika MailBuster, you can significantly reduce the risk of an attack.

Effective email protection not only protects sensitive company data, but also maintains the reputation and trust of your clients and business partners. Don't wait until a major incident occurs. Start now to ensure your company email is safe from threats.
 