Three times more phishing attacks in Singapore in 2019, twice as many during Covid-19 pandemic

There were 47,500 cases of phishing here in 2019, compared with 16,100 cases in 2018.
There were 47,500 cases of phishing here in 2019, compared with 16,100 cases in 2018.PHOTO: THE NEW PAPER

SINGAPORE - The number of phishing attempts to trick users to give up personal information almost tripled last year from the year before, and doubled during the months when people had to stay home to stem the spread of Covid-19.

Revealing this in its latest report, the Cyber Security Agency of Singapore (CSA) said there were 47,500 cases of phishing here last year, compared with 16,100 cases in 2018.

This mirrors global trends as the number of phishing attacks around the world spiked in 2019, the highest since 2016.

In a Facebook post on Friday (June 26), Minister-in-Charge of Cybersecurity S. Iswaran said phishing continued to be a popular tool for hackers, with 1,500 dubious links sent during March to May, twice as many compared with the preceding three months.

Said Mr Iswaran, who is also Minister for Communications and Information: "As more individuals and businesses go online amid the pandemic, cyber criminals have capitalised on the situation to carry out malicious activities."

Calling for a collective effort from government, industry, businesses and individuals to stand against cyber threats, he added: "We cannot let our guard down. Ensuring a resilient and trusted cyberspace is critical for our economic and social competitiveness."

According to CSA's fourth annual report titled Singapore Cyber Landscape 2019, the Immigration and Checkpoints Authority, Ministry of Manpower and Singapore Police Force were government agencies that criminals most commonly pretended to be in those phishing e-mails and messages sent.

Unsuspecting users who click on the dubious links in the messages would be tricked into revealing personal information such as passwords or contact details.

Mr Iswaran said that Singapore is a lucrative target for hackers.

Just last Friday (June 19), Singapore was named by cyber security firm Cyfirma as one of six countries to be targeted in a prominent phishing campaign impersonating government authorities centred around support for Covid-19.

So far, there is no evidence of the campaign happening here, said Mr Iswaran.

 
 

Besides phishing, the number of ransomware sent also increased last year to 35 cases, up from 21 cases in 2018.

CSA also said there were 9,430 cybercrime cases in 2019, accounting for more than a quarter of all crimes last year. This is up from 6,215 cybercrime cases in 2018, which accounted for about a fifth of all crimes.

CSA also reported that the number Singapore-linked website defacements has increased by almost 45 per cent, from 605 cases in 2018 to 873 cases last year. According to the agency, this spike is in part due to an Indonesia-based hacker group, and ongoing developments in the Middle East.

 
 

Mr Bryan Tan, a lawyer from Pinsent Masons MPillay specialising in technology law and data protection, warned that website defacement can be dangerous despite how innocuous it might seem.

"One popular tactic is to use website defacement to blackmail the business or to redirect traffic (and customer information) to another illicit location," he said.