Branded content
With just 1 tap, this doctor lost his Telegram account to cyber criminals
In a poll by the Cyber Security Agency of Singapore, only 13 per cent of respondents were able to distinguish between all phishing and legitimate content
In 2024, there were 8,552 cases of phishing scams in Singapore in 2024, placing it among the top five scam types.
PHOTO: GETTY IMAGES
Jan Lee, Brand Newsroom
Follow topic:
Minutes after Dr Chai Chwan tapped on a link within a Telegram message from an acquaintance, his phone buzzed non-stop.
A flood of Telegram messages poured in from 10 friends, asking the 60-year-old general practitioner the same urgent question: “Is your Telegram account hacked?”
They had all received an identical Telegram message sent from Dr Chai’s phone number.
It contained a link inviting recipients to apply for We Care @ North East Fund, a genuine scheme by the North East CDC that provides financial support to needy families.
The text claimed there was a “limited time” offer for Singaporeans to receive up to $1,000 in cash assistance and urged recipients not to “miss out”.
That was when Dr Chai realised he had fallen prey to a phishing scam. His Telegram account was compromised.
In phishing scams, victims are tricked into clicking malicious links or into revealing personal information.
The scam happened on a Saturday afternoon in July this year.
Just 10 minutes earlier, Dr Chai had received the same link from an acquaintance. Without thinking, he tapped on it.
The page that opened mimicked a Singpass login. Dr Chai tapped the QR code, but an error message appeared.
This glitch saved him from handing over his personal data, but it didn’t stop scammers from hijacking his Telegram account.
Within minutes, the same scam message was sent to Dr Chai’s Telegram contacts, this time under his name.
What followed was a scramble to report the incident to both the police and Telegram. Dr Chai also spent the next few hours sending warning messages in batches to all 7,000 of his phone contacts, hoping to contain the damage.
He’s unsure how many of his friends received the phishing text on Telegram.
“I feel quite embarrassed,” Dr Chai admits. “It should have been common sense (not to click on the link).”
With scams becoming more sophisticated, it can be hard to spot phishing attempts, says Mr Luke Ho, deputy director of National Cyber Threat Analysis Centre of the Cyber Security Agency of Singapore (CSA).
In the CSA’s Cybersecurity Awareness Survey 2024, only 13 per cent of respondents were able to distinguish between all phishing and legitimate content.
The survey polled 1,050 respondents aged 15 years and above on their attitudes towards cyber incidents and their awareness and adoption of good cyber hygiene practices.
Phishing scams 101
There were 8,552 cases of phishing scams in Singapore in 2024, placing it among the top five scam types, say the police. Victims lost at least $59.4 million. How it works:
Scammers impersonate legitimate individuals or organisations on social media and messaging platforms.
Upon clicking on links embedded within messages on these platforms, victims are directed to a fraudulent site. They will be asked to key in their personal, bank login or credit card details.
Scammers then gain access to their messaging or bank accounts. They may even impersonate the victims to scam their circle of acquaintances, family members and friends.
Evolving tactics
Why is it becoming harder to spot phishing scams?
One reason is the use of generative artificial intelligence by scammers, says Mr Ho. “Scammers (can) now create content that is increasingly indistinguishable from legitimate ones.”
Gone are the days when poor grammar or awkward phrasing gave phishing messages away, he adds. Cyber criminals also increasingly use security certificates – depicted as “https” in the URL – in their fake websites.
Mr Ho adds that scammers often exploit emotions, such as the fear of missing out, or the false sense of urgency in Dr Chai’s situation. Such tactics pressure victims to respond quickly without checking the legitimacy of the messages.
Taking action
Staying safe from scams requires more than just awareness, says Mr Ho. It requires a change in how we behave online.
He shares some actions that one can take to protect against scams:
Set strong passwords and enable two-factor authentication – such as using biometric features, like fingerprint or facial recognition, for your online accounts
Ensure that your devices are running the latest version of its software by enabling automatic updates
Install the ScamShield app to filter out scam messages and block scam calls
Install anti-virus apps to detect and remove malware, and malicious phishing links
If you’re unsure whether something is a scam, “always check with official sources by calling the 24/7 ScamShield helpline at 1799,” Mr Ho says, “or with family members and friends before proceeding.”
For Dr Chai, the anxiety from the phishing scam has not fully gone away. “There’s always this discomfort,” he shares, from the fear that scammers still have personal information of his that they haven’t used.
And though his bank accounts remain secure, Dr Chai has since taken extra steps to protect himself.
He downloaded the ScamShield app that helps to block out reported scam numbers and messages, giving him some peace of mind.
This is part of a series titled “ Act against scams
