GE2025: CSA advises public to stay alert for cyber threats during election season

SINGAPORE – Fraudsters may set up fake social media accounts and political party websites, and send phishing e-mails to solicit donations to defraud Singaporeans ahead of Polling Day on May 3, the Cyber Security Agency of Singapore (CSA) warned.

In an advisory issued on April 15 cautioning Singaporeans against these threats, the CSA said: “Through impersonation, threat actors can spread false or misleading information to manipulate voter behaviour or influence opinions.”

Artificial intelligence (AI) can be used to craft highly personalised and convincing phishing e-mails, messages or voice clones, CSA said, noting how campaigning activities are increasingly being conducted online.

Phishing is a type of threat where cyber criminals impersonate trustworthy entities to trick people into giving up sensitive information or carrying out malicious activities.

AI can also be used to analyse a person’s background for fraudsters to develop targeted scam tactics that align with the person’s political ideology, said CSA.

This, in turn, could lead the victim to make financial transactions at the scammer’s behest.

Warning that threat actors could compromise official social media accounts to spread false information, the agency also said that deepfakes could be used to “convincingly” show candidates saying or doing things they never did, damaging their credibility or reputation.

CSA also warned against the possibility of malware distribution. It said people may be misled into thinking they are downloading apps that election candidates and political parties may use to conduct their online campaigns, such as video-conferencing ones.

However, once downloaded, these apps would allow threat actors to steal data from people’s devices.

In addition, e-mails and SMSes may contain links to fake websites or malicious attachments that contain malware.

To combat such threats, the agency advises Singaporeans to pay close attention to any e-mails or messages they receive.

Besides examining links attached and cross-referencing them with the official websites used by political parties, people should also avoid clicking on any links sent to them in unsolicited communications.

They should also rely on verified news outlets, official government websites and the Elections Department Singapore for information on the general election, while also refraining from giving out any sensitive information.

Fake websites

masquerading as official news outlets

have been used by scammers before, oftentimes quoting prominent figures to exploit those who are unaware.

If people suspect phishing or a scam activity, they should report it through the ScamShield app.

Rather than use third-party sites to download apps and software, people are advised to download them from official sources.

CSA said: “Pay attention to the security permissions required by the app and/or its privacy policy.” It added that greater caution should be exercised when an app requests unnecessary permissions that are not needed for it to function.

To identify deepfakes

, it said to look out for any visual anomalies, such as subtle distortions, inconsistent lighting, strange facial expressions or unnatural blinks.

Deepfakes

also tend to have unnatural sounding audio, and people can scan such videos for mismatched lip-syncing to have a better idea.

“Avoid sharing unverified information, as it can contribute to (the) spread of inaccurate information,” it said.