Only 4 per cent of Singaporeans able to identify all phishing e-mails correctly: CSA survey

Phishing e-mails have grown in number and sophistication over the past few years. PHOTO: THE NEW PAPER

SINGAPORE - Phishing e-mails that attempt to trick victims into giving up personal information continue to be a significant cyber threat in Singapore, with only a handful of respondents of an online poll correctly identifying all phishing e-mails shown to them.

In the online public awareness survey conducted by Cyber Security Agency of Singapore (CSA) last December, two-thirds of the 1,000 respondents had indicated they knew what phishing is.

But only about 40 correctly identified all eight e-mails given by the survey, six of which were phishing e-mails. The other two e-mails did not involve an attempt to fraudulently extract details.

In the CSA poll, more than half of the respondents were unable to identify the two legitimate e-mails correctly, either pegging the e-mails as phishing attempts or indicating that they were unsure.

Just over half (57 per cent) were able to identify e-mails with suspicious attachments and about the same number (53 per cent) could correctly identify e-mails that had fraudulently requested confidential information.

Police figures show that between January and March this year, bank phishing scams were responsible for 374 victims losing at least $1.6 million in total.

Scammers had used e-mails and text messages and posed as bank staff to trick the victims into revealing their Internet banking details.

The section on phishing was a new addition to the CSA's annual public awareness survey, which has been conducted since 2016.

The survey revealed high levels of concern for cyber incidents among members of the public, but many respondents continued to think that these incidents would not happen to them, the CSA said.

For example, only 47 per cent of respondents were found to have installed security applications in their mobile devices, despite 85 per cent acknowledging the risks of not installing such applications.

"With our increasing reliance on technology, especially amid the Covid-19 pandemic, opportunistic cyber criminals now have a bigger hunting ground," said CSA chief executive David Koh.

"It is important for us to shake off the 'it will not happen to me' mindset, stay vigilant, and take steps to protect ourselves online so that we do not become the next victim."

Phishing e-mails have grown in number and sophistication over the past few years.

There were 47,500 cases of phishing in Singapore last year, nearly three times the number in 2018, according to the CSA.

There were also 1,500 dubious links sent between March and May this year during Singapore's circuit breaker period, double the number in the preceding three months.

Communications and Information Minister S. Iswaran noted that Singaporeans are beginning to practise better cyber hygiene habits such as using two-factor authentication (2FA) for more secure online transactions.

"However, the (survey) findings reveal that even among younger and more cyber-savvy Singaporeans, we may not always be able to differentiate between legitimate and phishing e-mails,"Mr Iswaran said in a Facebook post on Friday (Aug 21).

"So let's not let our guard down."

Join ST's WhatsApp Channel and get the latest news and must-reads.