As Singapore marks 40 years of Total Defence, it’s important to remember that we all have a part to play in building a strong, secure and cohesive nation. We face a spectrum of challenges that threaten our independence and wellbeing, and it’s up to us to strengthen our defences against these challenges.
Digital Defence is one of the six pillars of Total Defence. Singapore may be one of the most technologically advanced, open and connected nations in the world, but the digital revolution also means that we’re more vulnerable to threats that have no physical boundaries or battlefields. We therefore need to be able to respond to cyberattacks that target our networks and infrastructure, as well as threats that can be perpetrated through the digital domain such as fake news and deliberate online falsehoods.
Online hackers and phishing scams are just two of many digital threats we need to protect ourselves against. According to the Singapore Police Force (SPF), Singapore victims lost a total of $660.7 million to scammers in 2022, up from $632 million the year before. During the first half of 2023, this figure was more than $330 million.
The latest scams are more sophisticated and have even the most digital-savvy of us on edge.
Take the WhatsApp Web scam, for instance, which tricks a person’s WhatsApp contacts into parting with their money. It starts with WhatsApp users wanting to access their WhatsApp accounts on their desktops. They would type “WhatsApp Web” into an online search engine, but instead of clicking on the genuine WhatsApp site, they end up clicking on an impersonator link, which usually shows up among the top results.
Users are then instructed to scan a QR code, which is a requirement when using the desktop version of WhatsApp, but since this is an impersonator site, scanning the code doesn’t give users access to WhatsApp; instead, it gives scammers remote access to users’ WhatsApp accounts. The scammers then ask the users’ contacts for their personal and online banking information and may even request for them to transfer money to a bank account.
Another scam uses artificial intelligence or deep-fake technology to create videos and voice recordings to dupe victims’ family members and friends into transferring money to scammers.
Fraudsters approach victims through messaging platforms, social media sites, phone calls, SMS-es, and online shopping platforms, and since most of us use one or more of these regularly, we are definitely at risk.
So, what can you do to protect yourself and your family from these online dangers? Here are six tips.
1. Don’t be a victim of the WhatsApp Web scam
The SPF advises Singaporeans against using WhatsApp Web. If you really must, make sure that you are using the official WhatsApp Desktop App or visiting the official website from WhatsApp for “WhatsApp Web”. The official URL address is web.whatsapp.com.
Additionally, never share your WhatsApp account verification codes, personal information, banking details and OTPs (one-time passwords) with anyone; be mindful of unusual requests received on WhatsApp, even if these requests were sent by your WhatsApp contacts; and protect your WhatsApp account by enabling the two-step verification feature (go to Settings > Account > Two-step verification > Enable).
You should also take the time to review all the devices that are linked to your WhatsApp account (go to WhatsApp Settings > Linked Devices). You can remove a linked device by tapping the device > Log Out.
Finally, always be aware of who has physical access to your phone. Be sure to set a device code to limit others from using your WhatsApp account without your permission.
2. Use strong passphrases
Protect your accounts from cybercriminals with the use of strong passphrases – these are longer than passwords and made up of a string of words.
The Cyber Security Agency of Singapore (CSA) advises stringing together five different words that relate to a memory that is unique to you. For example, you may have learnt to ride a bike when you were five years old. Next, use a combination of uppercase and lowercase symbols, numbers and symbols to make it difficult for cybercriminals to crack. For instance: Learnt2RIDEabikeat5.
3. Maintain good password hygiene
Use different passwords for each of your online accounts, don’t share your passwords with others or write them down, don’t log in to online services over unsecured Wi-Fi networks, and don’t reveal your passwords or OTP in response to unsolicited phone calls, emails or messages as it could be a phishing scam.
Do your kids play games on the Internet? Keep these online gaming safety tips in mind.
4. Protect yourself from phishing scams
Phishing is how cybercriminals deceive people into giving them personal or sensitive information (such as bank account or credit card numbers) or installing malware (malicious software) or ransomware on their devices.
Cybercriminals usually disguise themselves as a legitimate organisation through emails, text messaging platforms and social media platforms. Once you click on the links that they send, they can easily gain access to your online accounts or steal your personal information.
CSA recommends only downloading apps from official apps stores like Google Play Store (Android) or Apple App Store (iOS), as these platforms have measures in place to detect and remove malicious apps.
And think twice before clicking on links in unsolicited emails and text messages. Be wary of suspicious links that have been deliberately misspelled, such as www.paypa1.com (instead of www.paypal.com), and phrases like “Urgent action required” or “your account will be terminated”, which are meant to pressure you into clicking on fraudulent links.
If you’re unsure about the authenticity of an email, text message, phone call or request, CSA advises you to check with the official sources.
5. Update your software promptly
No matter how busy you are, don’t put off updating your software and apps (this includes operating systems, web browsers and plug-ins, anti-virus software, and other types of apps).
The CSA says that these updates contain important fixes that address known weaknesses (also called vulnerabilities) in software and apps. Not updating your software and apps makes it easier for cybercriminals to exploit these vulnerabilities to infect your devices with malware, steal your data and even take control of your devices.
6. Add ScamShield and Anti-Virus apps
Malware is dangerous; cybercriminals can infect your devices with it and use it to steal personal data, gain access to your social media and bank accounts, and corrupt your files.
Anti-virus apps can detect malware and malicious phishing links and are key to safeguarding your devices and accounts, so it’s smart to install them in your devices.
Also useful is the ScamShield app, which was developed by Open Government Products in collaboration with the Singapore Police Force and the National Crime Prevention Council. CSA says that the app can protect you by detecting messages and blocking phone calls from scammers. For more information, visit scamshield.org.sg.
Want more articles like this, and other lifestyle content right in your inbox? Download the new SAFRA mobile app and opt in for the eNSman Newsletter – you don’t need to be a SAFRA member to subscribe – and never miss another story!