Anybody Can Become a Scam Victim. Even you. Especially you.
Imagine this:
One day you’re looking at your hard earned savings in the bank. The next day, your bank accounts are emptied, and you’re on the brink of financial ruin. That, in our opinion, is more horrifying than anything halloween can cook up.
But here’s the thing: this isn’t a nightmare. It was actually reality for many Singaporeans last year. As a nation, we lost more than $660 million to scams – almost $30 million more than in 2021.
Now, you might think that the majority of them affect the older, less tech-savvy population, but you’d be wrong. Turns out younger Singaporeans, often fueled by overconfidence, are equally susceptible to scams.
It kind of works this way:
The more often you use tech, the more exposed you are to scams involving tech, and the more likely you become a target. And here’s the kicker: Scammers are always updating their methods to appear more convincing; their arsenal of tricks only grows bigger each year.
This means that even the most tech-savvy among us can fall prey to intricately planned cyberattacks. Big yikes.
At GovTech, we believe that prevention is better than cure. With that in mind, here are 4 tips to keep in mind.
Be wary of who you trust
Perhaps the most widespread of all scams is the ‘phishing scam’.
And yes, that’s a reference to ‘fishing.’ Hackers and scammers use ways to ‘fish’ for sensitive personal data, such as passwords, OTPs and usernames.
How do they do that? Using messages that impersonate the appearance and tone of communications from trusted service providers, government agencies or banks. This could be in the form of emails, calls, text messages, or even direct messages on social media.
But perhaps more alarmingly, these days scammers also try to use some element of urgency to make you hand over your information quickly. This is commonly done using fear or greed.
Fear: They might say that they’re from the bank, investigating money being transferred out of your account. They might call you over the phone to ask for login details.
Greed: They might say that you won an enticing prize, but to confirm your identity, you might need to give them sensitive details such as your NRIC and bank account number.
Expert Tip: To counteract phishing, always scrutinise the message, or link to make sure it’s from a legitimate source. Red flags include subtle misspellings or discrepancies, or if it comes from a new and unknown number.
When it comes to scam calls, tell-tale signs are often calls from an unknown number with the +65, or overseas prefix or automated voice messages.
When in doubt, an extra layer of precaution would be to contact the organisation directly through a verified channel to confirm the message’s legitimacy.
Third-party apps are not a party
In September 2023, a woman lost over $110,000 after downloading a third-party app she that she thought was for purchasing a $28 durian tour ticket.
In yet another durian-related situation, a woman lost $50,000 of life savings, also after downloading a third-party app.
Of course, it’s not just durians. During the mid-autumn festival, over 27 people lost $325,000 within just the span of a month – as a result of downloading malware disguised as a way to make payment.
What are these third-party apps? They are apps that are not found on official app stores, such as iOS’ App store or Android’s GooglePlay store.
While it’s true that there are plenty of useful unofficial apps out there, here’s the problem from a cybersecurity perspective: Safety.
Without going through the stringent checks of official app stores, there’s no way of telling that the new app you just downloaded contains malware that will steal your passwords, banking credentials or allow hackers to operate your phone remotely.
The threat is very real.
Expert Tip: Avoid third-party apps. Do not install apps from dubious sources, no matter how good the deal is! If you absolutely have to make sure you search for online reviews, and don’t give the app permissions that aren’t needed for its function. But really, avoid third-party apps at all cost.
Two-Factor Authentication – Just enable it
Yes, Two-factor authentication (2FA) may add an extra step to your login process, requiring a few more seconds to receive and input a one-time password (OTP).
But this minor inconvenience is a small price to pay for the significantly increased security that 2FA offers.
Now, we’re not saying that 2FA is a magical solution that makes you invulnerable to attacks. In recent years, cyberattacks have found ways to circumvent them.
For example, SMS-based 2FA can be susceptible to SIM swapping attacks, where hackers trick telcos into transferring your phone number to their own device.
Authenticator apps are more secure but are not completely foolproof either; there have been instances where malware installed on Android phones has intercepted these codes. Even biometric methods like fingerprint and facial recognition have had their own security breaches.
However, it’s crucial to recognise that despite these flaws, 2FA still adds a robust second layer of security that makes it far more difficult for cybercriminals to access your accounts.
You can think about it as a form of deterrence. Just as invaders are less likely to target a country with a strong military, hackers will think twice before targeting someone with 2FA activated. Unless, of course, they have a compelling reason to.
In the vast majority of cases, that added layer of complexity is enough to discourage would-be attackers, sending them in search of easier targets.
Tip 4: Beware of the long con
In 2023, finding a romantic partner online is very much the norm. Sliding into DMs is second nature to many Gen Z and millennials. So is building relationships and becoming emotionally vulnerable to people they meet online.
And that beckons the question: How long does it take for you to let your guard down against a prospective partner on social media? One month? Two? Here’s the thing. These days, love scammers are willing to wait a couple of months before making their move to take your money.
Take for example the ‘Pig butchering scam.’ The term originates in Mainland China, as sha zhu pan. Literal translation: Pig butchering platter. The idea is that scammers take time to flatter and fatten you up, before delivering a decisive blow..to your finances.
In one encounter reported by journalists at the Straits Times recently, scammers were willing to wait up to three months before asking their would-be victims for money. Reasons given by scammers were often:
- that they needed money urgently, having fallen on hard times
- that they needed money as proof of love and affection (a major red flag)
- there was some enticing investment and business opportunity
Knowing that love scammers are willing to play the long game should make you extra cautious of everyone you meet on the internet; particularly if you haven’t met them in the flesh.
Expert Tips:
-
No matter how much you think you trust someone online, never share your banking or credit card information.
-
Use video calls to confirm their identity, and be skeptical if they always have excuses for not showing their face. Also, consider using reverse image search to check if their photos are stolen or used in other scams.
-
Talk to friends and family about this new person in your life. They can provide a less emotionally involved perspective and may see red flags that you don’t.
-
While unfortunate events do happen, be extra cautious if the person you’ve only known online suddenly experiences a string of calamities requiring financial help.
-
No matter what reasons they give, never send money to someone you’ve only met online. Once you start, they’ll likely invent new emergencies to get more from you.
