BRANDED CONTENT

Recent global IT outage a timely reminder to stay vigilant against scams

Besides the CrowdStrike outage, here’s how scammers have leveraged public events to deceive victims in times of uncertainty

The Cyber Security Agency of Singapore warned of reports of phishing e-mails during the CrowdStrike outage, with scammers posing as the firm’s employees or independent researchers.

PHOTO: GETTY IMAGES

Jeremy Theseira, Content STudio

Follow topic:

When thousands of computers were hit by the global outage by US-based cyber-security firm CrowdStrike on July 19, Mr Eric Deng, 32, was unfazed.

He trusted his IT colleagues to get it fixed. But he feared for his fiancee.

“When the internet at my workplace was down, I didn’t think much of it,” says the project manager at a local logistics firm. “I figured it was just a usual outage, which the IT team would sort out.”

But his fiancee, 30, a civil engineer, had taken the day off, and was using Mr Deng’s personal computer at home.

That’s when he became worried. Why? He receives scam e-mails up to three times a week on his own computer, claiming that his accounts have been compromised, with a fake link to reset his passwords.

“If she’d encountered a problem, she might have clicked on something that offers a fix,” he says. “But I’m glad that when I texted her to check, nothing like that happened.”

Worry amid uncertainty

Mr Deng was wise to worry. This sense of uncertainty is exactly what scammers take advantage of, says Police Superintendent Matthew Choo, assistant director of the Scam Public Education Office, Singapore Police Force.

“Scammers may leverage such events that capture widespread public attention to perpetuate scams,” he says.

For instance, using such public events as a backdrop, scammers may create ruses and contact unsuspecting users with malicious links that phish for their personal or banking details.

Some common signs of phishing include:

Clickable links from unsolicited or random emails, messages, images, or advertisements
Spoofed website addresses (such as www.m1cr0soft.1234.com.co)
Unsecured website pages (such as websites without a lock icon and “https://” in the address bar)
Requests for your one-time passwords (OTPs), personal or banking details
Prompts to download attachments or third-party apps outside official app stores

Know the scam signs

Unsure about an SMS from the Government?: Since July 1, all SMSes sent from government agencies show “gov.sg” as the sender ID. But when in doubt, here are four vital indicators to verify.
Guard up against pop-ups: Does it say your computer is compromised? Think twice before calling the “support helpline”, it is likely a technical support scam.
Good cyber hygiene routine: Want to keep the dirty tricks of scammers at bay? Here are four ways to better protect your data and money.

Besides the CrowdStrike outage, here are some public events that were exploited by scammers.

CDC Vouchers

Scammers used fake links for redeeming Community Development Council (CDC) vouchers in January, to trick victims into giving up personal and banking details.

Real CDC vouchers are only disbursed through RedeemSG’s official links (go.gov.sg/cdvc and voucher.redeem.gov.sg).

GST Vouchers

A fake Goods and Services (GST) Tax Voucher mobile app was circulated online last August, so scammers can gain remote access to victims’ devices.

Cash GST Vouchers are disseminated only via PayNow or direct banking, while MediSave GST Vouchers are credited to Central Provident Fund accounts.

Budget 2024

In April, fraudulent links to check a person’s eligibility for Budget measures were circulated on messaging platform Telegram to collect personal information.

In reality, the Ministry of Finance disseminates information only through its official channels listed at mof.gov.sg/singaporebudget.

Tax season

Earlier this year, scammers posed as Inland Revenue Authority of Singapore officials via e-mails to trick at least six victims into revealing debit or credit card details for fake tax refunds.

Genuine tax refunds are processed automatically and directly to your registered bank or PayNow account.

This is part of a series titled “Act against scams”, in partnership with the Singapore Police Force.