Only one in three Singaporeans ranks guarding against online identity theft as No. 1 priority: Survey

Cyber security experts say curbing digital identity theft is more challenging as it is not as quickly detected as real-life identity theft.
Cyber security experts say curbing digital identity theft is more challenging as it is not as quickly detected as real-life identity theft.PHOTO: THE NEW PAPER

SINGAPORE - Housewife Cheryl Loke, 33, who spends most of her time taking care of her one-year-old son, never imagined she would become a victim of digital identity theft.

But last month, someone created a Facebook account with her name and profile picture, and used it to contact some of her friends for one-time passwords.

The only precaution Ms Loke has taken since this happened was to activate the two-factor authentication setting, which requires an additional security code when her account is being accessed from an unrecognised device.

Like Ms Loke, most Singaporeans are not too concerned about guarding against digital identity theft.

A recent survey by cyber security company McAfee found that only one in three Singaporeans ranked protecting their identity as their top cyber security priority, ahead of protecting privacy, connected devices, data and connected home devices. It covered 6,500 respondents worldwide, including 501 in Singapore, and was conducted last November.

The survey results, published on McAfee's website on Tuesday (Jan 2), also found that fewer than one in four people used an identity theft solution, which monitors the use of personally identifiable information and provides insurance and recovery tools in the event of identity theft or fraud.

Cyber security experts say digital identity theft is an area that has, and will become, increasingly important.

"2017 was a big year for cyber criminals taking advantage of security holes in corporate networks and downloading lots of personally identifiable information about consumers, and there's no sign of these attacks slowing down," said Mr Gary Davis, chief consumer security evangelist at McAfee.

Making it more challenging is the fact that digital identity theft is not as quickly detected as real-life identity theft, say the experts.

Mr Ryan Flores, senior manager of Forward-Looking Threat Research at cyber security company Trend Micro (Asia-Pacific), said: "In real life, you will notice immediately if your IC goes missing or is stolen. However, in the case of digital identity theft, you won't know that it has been stolen until some damage has been done."

Mr Flores added that the most popular method of stealing someone's digital identity is through hacking - such as by using brute force, social engineering or malware - which is not difficult to execute.

"It yields the highest chance of returns and works for all types of data," he added.

Cyber security experts encourage users to be vigilant and proactive in protecting their online identities. Users should use long and unique passwords, update them regularly and avoid using the same password for all their accounts.

Individuals should also learn about a site's privacy and security policies before sharing sensitive information and avoid opening e-mail attachments and clicking on malicious links.

Keeping device and application software up to date can also improve personal security, as many new versions of software or operating systems contain specific security updates designed to protect the user.

With the prevalent use of social media, users should also be careful about what they post online.

"Some cyber criminals hunt for victims on social networks, hence it is also good to be aware of what you post and the amount of information you put out, such as location, financial information and other private details," said Mr Flores.

Even making photos public on social media platforms can result in identity theft.

Consultancy firm chief executive Terence Quek learnt this the hard way.

Since June 2016, he has found more than 10 Facebook accounts set up under different names using his photos. One account even superimposed the 43-year-old's photo onto a British passport, using it as a form of identity verification.

Mr Quek said he has since made his photos private, but the fake accounts keep appearing.

The imposters often use these accounts to form relationships with women and extort money from them, said Mr Quek, who made a police report.

"I have taken precautions but I won't live in fear. In fact, I should do more on social media and expand my network so more people can alert me when they spot a fake account," he added.