Fill Me In

As if 2020 wasn’t already tough enough (what with a global pandemic and all that), it seems a record number of Singaporeans fell prey to cybercrime in the past year. Speaking in Parliament on 16 February, Transport Minister and Monetary Authority of Singapore (MAS) board member Ong Ye Kung disclosed that the number of cases of unauthorised online banking and card transactions had jumped by a staggering 462 per cent in 2020 – 1,848 police reports of such fraudulent transactions were made, compared to 329 in 2019 and just 114 in 2018.

This statement comes hot on the heels of the Annual Crime Brief by the Singapore Police Force (SPF), where it was revealed that the number of scams shot up by nearly 65 per cent, from 9,545 in 2019 to 15,756 in 2020. Scams comprised 42.1 per cent of all reported crimes, with some 201 million dollars cheated through e-commerce scams, social media impersonation scams, loan scams, banking-related phishing scams, investment scams, credit-for-sex scams and more.

Why is digital fraud on the rise?

Unauthorised online banking and card transactions are often the result of phishing scams, in which fraudsters pose as government officials, technical support staff and bank employees over email, social media, text messages and telephone calls, in order to trick victims into divulging sensitive data such as credit card details, bank account numbers, user IDs, passwords and other log-in information.

READ: ScamShield: A New Local App that Blocks Scam Calls and Texts

Coronavirus

And, like much of 2020’s woes, it appears COVID-19 is to blame for the significant spike in cybercrime. The pandemic has forced many of our everyday activities into the virtual realm, from online shopping to remote working to internet banking, and this seismic shift in digital behaviour has not only created a greater opportunity for fraudsters to launch social engineering attacks like phishing, it has also given scammers a greater incentive to develop more sophisticated tactics in targeting potential victims.

Additionally, criminals have been taking advantage of the COVID-19 situation, leveraging on the heightened levels of fear and uncertainty amongst the general population to swindle new victims, particularly among the elderly.

Ease of access

The widespread availability of phishing kits could be another contributing factor in the rise of digital fraud. Bundling together phishing website resources and tools that need only be installed on a server, these kits make it facile for cybercriminals, even those with limited technical skills, to carry out phishing campaigns – and if you know where to look, they’re readily available on the dark web.

Speed of hacking

Moreover, major improvements in computing power have dramatically accelerated the speed with which cyber crooks can acquire private information. Employing a trial-and-error approach known as a brute-force attack, hackers are able to match lists of stolen usernames and passwords against different online accounts via specialised software, thereby gaining illicit access to financial accounts and siphoning off money within mere seconds.

What is being done to combat digital fraud?

Given the growing number of and concern over unauthorised transactions, it is encouraging to know that we haven’t been left to the mercy of hackers and scammers, with a variety of initiatives implemented in recent years to help stem the tide of cybercrime.

Personal Data Protection Act

You’ve probably heard the acronym “PDPA” before. Updated in August 2018 and put into effect in September 2019, the Personal Data Protection Act (PDPA) aims to protect citizens against data theft, an ever-present risk underscored by incidents like the 2014 SingPass scandal and the 2018 SingHealth leak.

The revised PDPA rules ban organisations from collecting, utilising and disclosing NRIC details, except when required by law or in instances where precise verification of identity is needed. Should there be a data breach, individuals affected must be notified “as soon as practicable”, while the Personal Data Protection Commission must be informed within 72 hours.

This is because, in the wrong hands, an NRIC number can be used to unlock personal information such as income level, residential address, medical status and property ownership, among others. Leaked demographic data also puts individuals at a higher risk of being hit by phishing attacks.

READ: Reported crimes rose 6.5% in 2020, largely due to 65% spike in scam cases

Anti-Scam Centre

Founded in June 2019 under the Singapore Police Force’s Commercial Affairs Department, the Anti-Scam Centre tackles the always-evolving landscape of cybercrime through close collaboration with telecommunications companies, online marketplaces, and financial institutions such as banks and fintech firms. Its biggest success to date involved the recovery of 6.6 million dollars from a money-laundering scheme in October 2020.

Inter-Ministry Committee on Scams

Bringing together the Ministry of Home Affairs, the Ministry of Communications and Information, and the Ministry of Trade and Industry, an Inter-Ministry Committee was formed in March 2020 to “formulate and execute” a comprehensive strategy that would work to deter fraudsters, mitigate victim losses, and educate the public on the dangers of these ruses.

Safer Cyberspace Masterplan

To complement Singapore’s Smart Nation initiative, last year the government announced its Safer Cyberspace Masterplan 2020, with an eye to fend off cyber threats amidst the nation’s rapid digital transformation. Eleven key strategies were outlined, including the establishment of the Cyber Fusion Platform, which would provide local authorities with early warning against malicious attacks through artificial intelligence (AI) analysis; the creation of the Cyber Hygiene Portal to help businesses spot weaknesses in their web domains, email systems and connections; and the launch of the Cybersecurity Labelling Scheme, which guides consumers into making informed decisions with a tiered reference to security levels (similar to energy labels) on Internet of Things devices.

ScamShield app

iPhone users can breathe a sigh of relief with the ScamShield mobile app, which debuted in November 2020 with plans to expand to Android systems soon. Jointly developed by the National Crime Prevention Council and the Government Technology Agency, ScamShield uses AI to identify and filter out text messages and phone calls sent by fraudsters. Since its introduction, the app has helped to block over 265,000 nefarious texts and calls from reaching its 84,000 users.

How can we stay safe online?

It’s far too easy to fall into the trap of the “it won’t happen to me” mentality, but the statistics prove that no one is immune to scams. Anti-cybercrime initiatives are all well and good, but nothing will work unless we ourselves exercise vigilance.

Don’t be click-happy

To better defend yourself against phishing attacks, it pays to be cautious about opening links and files sent over email or social media. Examine the URL carefully to ensure the link is legitimate before you click on anything, and don’t reveal personal information like passwords and bank account details. If an offer sounds too good to be true, then it probably is.

Create strong passwords

A recent CyberNews analysis of billions of passwords from publicly leaked data breaches unveiled that the most common passwords in use around the world are, believe it or not, “123456”, “123456789”, “qwerty”, “password” and “12345”. These passwords may be easy to remember and easy to type, but they’re also easy to crack, leaving you vulnerable to hackers.

Here are a few tips to keep in mind as you think up a strong(er) password:

• Opt for a password with at least 12 characters in a random combination of upper-case letters, lower-case letters, numbers and symbols
• Avoid passwords that are obvious or generic (“password” itself is a no-go), and that follow sequential keyboard paths like “12345” or “qwerty”
• Don’t use anything personal in your password, whether it’s your birthday, your nickname or worse, your NRIC number
• Choose a passphrase instead of a password, and substitute a couple of letters with numbers and symbols, such as “iwent2DISNEYLANDwhen1was5”
• Never recycle passwords
• Use a unique password for each of your online accounts

If you’re worried you won’t be able to remember a bunch of different passwords, you can always use a password manager, such as Dashlane and KeePass. Alternatively, you can try biometric authentication methods like facial and fingerprint identification. You can also test how strong a password is with the Cyber Security Agency’s Gosafeonline Password Checker.

Enable two-factor authentication

Wherever possible, turn on two-factor authentication, which adds an extra layer of security to your online accounts through one-time passwords sent to your phone or biometric verification like fingerprint scans.

Stay up-to-date

You’re in the middle of working on a project or watching a film when a little window pops up on your laptop or smartphone to tell you that a software update is available. Annoyed, you click the “remind me later” button. Sound familiar? Well, that could be to the detriment of your bank balance. Vital to digital safety, regular software updates help to fix or remove computer bugs, patch up security holes, safeguard personal data and more, thus equipping your devices (and you) with enhanced protection against hackers, malware and other cyberthreats.

Use a VPN

Surfing the web can be a risky business, especially if you’re using a public or unsecured Wi-Fi connection. That’s where a virtual private network (VPN) comes in handy. VPNs secure your internet connection by encrypting your information and shielding your online activity from others, making it difficult to track and gather information about what you do and where you go on the web. Although you’d usually have to pay to use a VPN, you can check out free services like ProtonVPN and TunnelBear if you don’t need unlimited data.

Take care

We’ve said it before and we’ll say it again: never ever give out confidential information, including but not limited to your NRIC number, bank account and credit card details, passwords, PIN codes and user IDs. You should also check your credit card statements and bank balances frequently, and keep up with the news so you’re aware of the latest scams.

What should you do if you’ve been scammed online?

If you spot an unauthorised transaction in your credit or debit card statement, contact your bank immediately so they can block your card to prevent scammers from making another fraudulent transaction. An investigation will be conducted and if your dispute is found to be valid, the bank will reverse the charge or refund the sum of money lost.

You should also go to your nearest police station as soon as possible and file a report. Submit any documents, screenshots or online conversations in your possession so the police will have more evidence to go on for their investigation. And if you’re still not sure what your next steps should be, call 1800-722-6688, a hotline maintained by the police and the National Crime Prevention Council for victims of scams in Singapore.

Join the conversations on THG’s Facebook and Instagram, and get the latest updates via Telegram.