Only a few among 1,000 polled spot all phishing e-mails

Phishing e-mails have grown in number and sophistication over the past few years. PHOTO: THE NEW PAPER

Phishing e-mails that attempt to trick victims into giving up personal information continue to be a significant cyber threat in Singapore, with only a handful of respondents of an online poll correctly identifying all phishing e-mails shown to them.

In the online public awareness survey conducted by the Cyber Security Agency of Singapore (CSA) last December, two-thirds of the 1,000 respondents had indicated they knew what phishing is.

But only about 40 correctly identified all eight e-mails given by the survey, six of which were phishing e-mails. The other two e-mails did not involve an attempt to fraudulently extract details.

In the CSA poll, more than half of the respondents were unable to identify the two legitimate e-mails correctly, either pegging the e-mails as phishing attempts or indicating that they were unsure. Just over half or 57 per cent were able to identify e-mails with suspicious attachments and about the same number or 53 per cent could correctly identify e-mails that had fraudulently requested confidential information.

Police figures show that between January and March this year, bank phishing scams were responsible for 374 victims losing at least $1.6 million in total.

Scammers had used e-mails and text messages and posed as bank staff to trick the victims into revealing their Internet banking details. The section on phishing was a new addition to CSA's annual public awareness survey, which has been conducted since 2016.

The survey revealed high levels of concern for cyber incidents among members of the public, but many respondents continued to think that these incidents would not happen to them, the CSA said.

For example, only 47 per cent of respondents were found to have installed security applications in their mobile devices, despite 85 per cent acknowledging the risks of not installing such applications.

"With our increasing reliance on technology, especially amid the Covid-19 pandemic, opportunistic cyber criminals now have a bigger hunting ground," said CSA chief executive David Koh.

Phishing e-mails have grown in number and sophistication over the past few years. There were 47,500 cases of phishing in Singapore last year, nearly three times the number in 2018, according to the CSA.

There were also 1,500 dubious links sent between March and May this year during Singapore's circuit breaker period, double the number in the preceding three months.

Communications and Information Minister S. Iswaran said Singaporeans are beginning to practise better cyber hygiene habits such as using two-factor authentication for more secure online transactions.

In a Facebook post on Saturday, he said: "However, the (survey) findings reveal that even among younger and more cyber savvy Singaporeans, we may not always be able to differentiate between legitimate and phishing e-mails. So let's not let our guard down."

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Sunday Times on August 23, 2020, with the headline Only a few among 1,000 polled spot all phishing e-mails. Subscribe