Phishing attacks last year tripled from 2018

Cases also spiked during 3 months this year when people stayed home amid pandemic

The number of phishing attempts to trick users to give up personal information almost tripled last year from the year before, and doubled during the months when people had to stay home to stem the spread of Covid-19.

Revealing this in its latest report, the Cyber Security Agency of Singapore (CSA) said there were 47,500 cases of phishing here last year, compared with 16,100 cases in 2018.

This mirrors global trends as the number of phishing attacks around the world spiked last year, and was the highest since 2016.

In a Facebook post yesterday, Minister-in-charge of Cyber Security S. Iswaran said phishing continued to be a popular tool for hackers, with 1,500 dubious links sent between March and May - twice as many compared with the preceding three months.

Said Mr Iswaran, who is also Minister for Communications and Information: "As more individuals and businesses go online amid the pandemic, cyber criminals have capitalised on the situation to carry out malicious activities."

Calling for a collective effort from Government, industry, businesses and individuals to stand against cyber threats, he added: "We cannot let our guard down. Ensuring a resilient and trusted cyberspace is critical for our economic and social competitiveness."

According to CSA's fourth annual report titled Singapore Cyber Landscape 2019, the Immigration and Checkpoints Authority, Ministry of Manpower and the Singapore Police Force were government agencies that criminals most commonly pretended to be in those phishing e-mails and messages sent.

Unsuspecting users who click on the dubious links in the messages would be tricked into revealing personal information.

Mr Iswaran said that Singapore is a lucrative target for hackers.

On June 19, Singapore was named by cyber-security firm Cyfirma as one of six countries to be targeted in a prominent phishing campaign impersonating government authorities centred on support for Covid-19. So far, there is no evidence of the campaign happening here, said Mr Iswaran.

Besides phishing, the number of ransomware cases increased last year to 35 from 21 in 2018.

CSA also said there were 9,430 cybercrime cases last year, accounting for more than a quarter of all crimes last year. This was up from 6,215 cybercrime cases in 2018, which accounted for about a fifth of all crimes that year.

CSA also reported that the number of Singapore-linked website defacements has increased by almost 45 per cent, from 605 cases in 2018 to 873 cases last year. According to CSA, the spike was partly due to an Indonesia-based hacker group and developments in the Middle East.

Mr Bryan Tan, a lawyer from Pinsent Masons MPillay specialising in technology law and data protection, warned that website defacement can be used to blackmail businesses or to steal customer information.

A version of this article appeared in the print edition of The Straits Times on June 27, 2020, with the headline 'Phishing attacks last year tripled from 2018'. Subscribe