If you’ve read anything about PC or mobile security in recent times, it might be tempting to think that device operating systems have become so adept at warding off malware that you needn’t worry anymore. But crime in Singapore surged by 24% last year and of the 46,196 cases reported, more than half were online scams! Indeed, online scams ballooned by 53% last year and that number is likely to continue to grow. There are many factors that have caused this situation (with many relating to Covid) but at almost every turn, such incidents can be averted with the help of antivirus software and good cyber hygiene. These help safeguard you against the advanced tactics and techniques used by today’s savvy cyber criminals.
1. Follow the news and be aware of new phishing techniques
2. Be alert before giving away your personal information
3. Think twice before clicking
4. Check your online accounts regularly for suspicious transactions or activities
5. Use a reliable anti-phishing solution
A big part of the security problem is that most of us don’t see the need for cybersecurity, which is often taken for granted until we become victims of an online attack. What’s really needed is an invisible technology that runs silently in the background, protecting you from all types of digital threats, without interrupting your usage.
It’s these areas that the best antivirus software has been focusing on – protecting people from ongoing online cyber threats simply, with ‘install and forget’ technology that provides immediate safety and won’t cause system slowdowns. But our changing technology tastes have also meant that digital criminals are no longer just targeting traditional computers – scammers have branched out to include (and arguably prioritise) mobile devices. This is why, in 2022, having the right security for both your PC and mobile devices is essential.
How Singaporean phishing-related scams work
An inherent problem with protecting people from scams is that no security technology can fully override a determined human – so it’s crucial that we learn to recognise the common ways that crooks target us. Many of the following scams are prevalent around the world, but the digital security experts at ESET Singapore have flagged the following four as of high concern in our region.
Here’s what you need to know about these common scams, plus some simple advice on how to stay protected:
1. Fake email & text message scams
These widespread scams typically involve criminals threatening account closures, offering unbelievable deals or warning about delivery problems. The common theme of these targeted (and untargeted) scams, is that fake entities deliver unsolicited messages that either directly relieve you of your hard-earned money, or trick you into giving out security credentials. Learning your credentials enables cybercriminals to either gain access to your sensitive data (like government and medical records or bank accounts) or commit identity fraud which enables them to obtain goods, services, loans, credit cards and bank accounts for themselves… in your name!
These scams exploded when Covid-19 first struck, because lockdown meant that many common shopping tasks were outsourced to delivery companies. With so many more people expecting deliveries and with there being so many more reasonable reasons to explain delays, the opportunities for the bad guys increased dramatically. Now that we’re moving into a new normal, the growth-rate of scams shows no sign of slowing down. Bank phishing scams, in particular, are accelerating, plus the ease of casting out an enormous fraudulent net (consisting of thousands of emails and text messages) mean that big payoffs can be gained from just a tiny number of people responding.
Typically, the scammer provides a link to a website where you can ‘pay a fee’ to address an issue. While some messages ask for large, red-flag-raising amounts, others fly under the radar by asking for a few dollars for reasonable things like processing and admin fees. Another example, which recently started to blight Singapore, involves directing people to fake surveys from local banks and offering cash rewards for filling them in. These fake websites are often near-exact copies of the bank’s originals, so they can fool even savvy users. Swiping a few dollars also isn’t the real target – their goal is to get you to type your payment details into a fraudulent website, so they can steal your credentials. This can even involve asking for a one time password (OTP). The scammer can then immediately make purchases on your credit card or use them to access your other, far-more-important accounts. If you’ve been personally targeted by hackers who already have some of your personal details, giving them your harder-to-get OTP might be all they need to wreak havoc.
2. Online purchase scams
Online purchase scams have also evolved considerably and now take many forms. One Singaporean example, which the Straits Times reported saw sellers lose SG$35,000 in a single month, involves criminals buying your goods at online marketplaces and asking to pay via a fake service called PayNow. The seller then receives an email with a URL to receive an instant payment, which directs them to a fake webpage that impersonates their bank, where they’re told to provide their security details.
Other scams see cybercriminals using random number generators to identify valid credit card details. They initially attempt a small debit but, once a working combination has been identified, they will go on a spending spree.
Elsewhere, digital card skimming scams see fake (often disguised) web forms being presented as online checkouts. Plus, ‘vishing’ (voice phishing) sees overseas fraudsters calling up with fake caller ID Country Codes (+65 for Singapore) in order to appear more legitimate. Even though local phone carriers have phased out displaying the +65 prefix for local calls, some legitimate businesses still use them, so they aren’t a fool-proof way of identifying phone scammers.
More disturbingly, recent SMS scams manipulate cybercriminals’ caller IDs to make fraudulent OTP requests appear in the same smartphone message threads that legitimate institutions have previously used to contact you!
3. Fake apps
Researchers at global security firm ESET recently identified a string of ads for fake Malaysian apps (which are still being promoted across social media) that mimic genuine local services for cleaners and pets, specifically Grabmaid, Maria’s Cleaning, Maid4u, YourMaid, Maideasy, MaidACall and PetsMore. These follow on the heels of fake ads for Singapore Pools apps. They include fake Google Play download buttons that direct people to compromised servers, displaying lookalike Malaysian banking pages that ask for your credentials. The process also requests access to your SMS messages, which provides visibility of your two-factor authorisation (2FA) credentials.
The ESET researchers have added that, “While the campaign targets Malaysia exclusively for now, it might expand to other countries and banks later on. At this time, the attackers are after banking credentials, but they may also enable the theft of credit card information in the future.”
4. Investment scams
Investment scams are the costliest in Singapore, with SG$190.9 million being stolen last year and with the number of annual cases more-than doubling: up from 1,096 to 2,476. Here, criminals either hack social media accounts associated with government leaders, prominent business personalities and celebrities and post messages to scam sites or apps, or create offers that claim to have that celebrity’s endorsement. Recent notable targets include Prime Minister Lee Hsien Loong and Elon Musk, and the aim is to dupe their trusting followers into making fraudulent investments. These commonly involve endorsing dodgy cryptocurrencies, or extolling promotional offers whereby those who send in a few crypto coins will get more back.
How digital security products can help protect you
Even the most security-conscious people can make mistakes or do the wrong thing – that's why everyone should consider using an antivirus solution such as ESET Internet Security, which protects you against all types of online and offline threats.
Protection for your laptop or PC
The good news is that ESET’s Internet Security suite provides you with automatic PC or laptop protection from the above online scams. This includes using the anti-phishing feature to scan emails and detect (and remove) spam and scams. Plus, it monitors your web browser to detect and block websites with malicious content. It also identifies and blocks web pages known to distribute criminal activity, that use social engineering or try to gain access to sensitive data such as bank account numbers, PINs and more.
ESET’s anti-phishing features work in combination with its real-time LiveGrid preventative system, which gathers information about threats and phishing sites from around the world. By doing so, ESET antivirus software is able to offer protection against the latest phishing attacks. With this technology, users can surf the web with peace of mind while always being protected.
There’s even a secure browser to ensure that your financial transactions (and sensitive personal details) are protected when shopping or banking online. This encrypts the communication between your keyboard and browser – preventing any keyloggers from recording what you type and sending it to criminals. This is particularly useful when making banking transactions, typing your credit card number and entering other sensitive personal information.
Protection for mobile
If you’re looking to secure your Android device, ESET Mobile Security comes with many features that automatically protect you from online scams and keep you safe from dodgy apps and websites, while checking that your financial transactions are legit.
Ultimately, with anti-phishing technology, malicious websites cannot gain access to sensitive information if you unsuspectingly open a bad link on your mobile web browser – these links are often found in SMS messages and email. In this way, you’ll always be informed about phishing attempts whenever you use your mobile phone to browse, play or shop.
Furthermore, the real-time scanning features ensure that all installation files and installed apps are automatically screened for malware, leaving you protected and assured that you are well-protected against online and offline threats.
At the end of the day, no one can go it alone: people need to be aware of scams and use technology to help protect them. To help you get the highly-rated protection for all your devices, TechRadar has partnered with ESET to provide a special 30% discount on the award-winning ESET Internet Security suite.
