BRANDED CONTENT
Good cyber hygiene routine can keep dirty tricks of scammers at bay
Technical support scams are on the rise, with at least 78 police reports filed since January 2024
Sign up now: Get ST's newsletters delivered to your inbox
Enabling automatic software updates is one way to ensure that your device is protected from the latest threats.
PHOTO: GETTY IMAGES
Jeremy Theseira, Content STudio
Follow topic:
Evenings are a time when Mr Ng Jia Xiang, 38, winds down with video games. But one evening in 2021 was anything but relaxing.
“I couldn’t log in at all, which is strange as I had not changed my password recently,” says the freelance web designer. He didn’t, but someone else did – without his knowing who, how or when.
“I became really paranoid,” he says, adding how he had previously received unknown email login notifications.
Since then, Mr Ng has been running weekly anti-virus scans on his computer and mobile devices, and enabled two-factor authentication (2FA) wherever possible. He also started using a password manager to save all his login details, and to generate stronger passphrases.
The episode continues to bug him. “I never figured out how it happened, and can only hope that the perpetrators did not obtain sensitive information. I’ll just try to keep everything cleaned, checked and updated as much as possible.”
Mr Ng’s actions are in line with “cyber hygiene” recommendations. The Cyber Security Agency of Singapore (CSA) defines “cyber hygiene” as practices performed regularly to maintain the digital health and security of devices, networks and data.
4 ways to stay cyber-safe
- Enable 2FA, such as one-time passwords from a digital token/SMS and use strong passphrases of at least 12 characters, with a mix of numbers, symbols and upper/lower case letters. Do not use the same passwords for different accounts.
- Beware of phishing scams by verifying the authenticity of emails, calls or requests through official sources and checking with family and friends.
- Update software promptly by enabling automatic updates. Regularly review and remove apps that are not needed.
- Add ScamShield and anti-virus apps from official app stores, and refer to CSA’s recommended security apps list at go.gov.sg/antivirusapps
“Adopting good cyber hygiene practices will enable us to better secure our confidential data and valuables from cyber criminals,” says Mr Henry Tan, deputy director of the Cybersecurity Engineering Centre, CSA.
“It is also important for everyone to keep up to date with scam trends as cyber criminals are constantly thinking of new ways to trick victims.”
He adds that users can subscribe to CSA’s advisories and follow their social media accounts (details at csa.gov.sg) and visit the Scam Alert website (scamalert.sg) for the latest information.
Yet the use of good cyber hygiene practices has been mixed, notes CSA’s Cybersecurity Public Awareness Survey in 2022, which polled 1,051 respondents, aged 15 and above.
More had enabled 2FA (35 per cent) and installed cybersecurity apps (50 per cent) compared with those polled in 2020 (22 and 39 per cent respectively).
But there was a dip in users who could identify strong passwords (54 per cent, down from 56 per cent) and those who did timely software updates (27 per cent, down from 30 per cent).
Scams getting more sophisticated
- Can you tell a deepfake video apart from a real, recorded one? Front-line staff at this bank underwent anti-scam training to ensure they can spot and manage scams, including malware and deepfake scams.
- 960 people fell for scams involving tickets to Taylor Swift’s concerts, with more than $538,000 lost. Some bought tickets from resellers, only to discover that they were fake and could not be used to enter the venue.
- An elderly man was targeted in three scam attempts over two months. He would have lost $3.7 million if not for the swift intervention of the police and his banks.
To enhance safeguards against scams, the CSA rolled out two initiatives this year.
The Safe App Standard, launched in January, provides a common benchmark and guidance for local app developers and providers to protect their applications, guarding users against common malware and phishing attempts.
Measures include having secure authentication mechanisms to validate a user’s identity, preventing unauthorised access.
“We encourage developers of apps created and hosted in Singapore to adopt the standard, especially for apps with high-risk financial transactions,” says Mr Tan.
An enhanced fraud protection feature within Google Play Protect for Android mobile users rolled out last month, in partnership with Google, blocks the installation of apps not registered with Google and distributed through Internet-sideloading sources such as browsers and messaging apps.
The feature will assess and block these apps if sensitive permissions, such as access to SMSes, are requested.
Guard up against pop-ups
Received a pop-up notification that your computer is compromised?
Think twice, as it could be a “technical support scam”, says Police Superintendent Rosie Ann McIntyre, assistant director of the Scam Public Education Office Operations Department, Singapore Police Force.
At least 78 police reports have been filed since January this year, with losses of more than $6.7 million.
How does it work? The pop-ups lead users to believe that their device is compromised by hackers for illegal activities, prompting them to call a fake technical support hotline to resolve the issue.
“Users would be asked to access websites or download legitimate remote software to allow scammers to remotely access their devices,” says Police Superintendent McIntyre. “Scammers may also attempt to make calls to potential victims with the same deceit.”
On such calls, scammers posing as police officers would “help” victims lodge a fraudulent police report and log into their internet banking account to “apprehend” the hackers.
They would then remotely access the victim’s computer to make unauthorised transactions using the victim’s bank account.
Police Superintendent McIntyre advises: “Refrain from clicking on such pop-up notices or links within them, and only seek technical support from reputable sources.”
This is part of a series titled "Act against scams", in partnership with the Singapore Police Force.
