Threats to our national security may come in many forms, including from the digital domain. The more digitally connected and technologically advanced the world becomes, the greater our vulnerability to cyberattacks, online scams, fake news, and so on. These threats can disrupt our personal safety and way of life, as well as undermine our social cohesion and strike at the confidence and psychological resilience of our people.
This is why we can’t ignore Digital Defence – one of the six “pillars” of Singapore’s Total Defence strategy, which involves the participation of every Singaporean in the collective effort of building a strong, secure and cohesive nation.
The number of scams in Singapore has been growing. According to the Singapore Police Force, victims lost a record high of over $385.6 million in the first six months of 2024 – an increase of 16.3% compared to the same period in 2023. The most common scams included e-commerce scams, phishing scams, investment scams, government official impersonation scams, and loan scams.
As AI (artificial intelligence) technology becomes more pervasive, we also have to be concerned about AI-generated “deepfakes”, which can trick us into parting with our money or sharing personal or sensitive information with scammers, and which may even threaten our national security.
We asked a cyber-security expert to share some tips for guarding against common digital threats.
1. Be wary of AI deepfakes
“Deepfakes created by AI are a serious concern because they can create highly realistic audio and video content that convincingly mimics real people,” says Nikhil Bhardwaj, Project Manager and Sales Consultant at Cybersafe Pte Ltd.
Some common manipulation techniques include:
- Impersonation for fraud: Deepfakes can be used to impersonate trusted figures such as bank officials, company executives, or even family members. This can lead to fraudulent transactions or misinformation campaigns.
- Undermining trust: When video or audio evidence can be fabricated, it becomes increasingly difficult to trust digital communications. This erosion of trust is a major issue for businesses, governments, and personal interactions alike.
- Difficulty in detection: As deepfake technology advances, distinguishing between authentic and manipulated content becomes challenging – even for experts. This increases the risk of successful scams, as victims may be misled by convincing “proof” generated by cybercriminals.
“In short, deepfakes open up new avenues for sophisticated scams that require both advanced detection techniques and public awareness,” Nikhil adds.
AI-generated deepfakes can be hard to detect, but according to the Cyber Security Agency of Singapore, there are some ways to tell if the multimedia you’re looking at is real or not:
- Assess the message: Check its source, context and aim. For instance, is the source trustworthy? Does the content read or behave as expected? And does the message ask you to do something urgently, unsafe, or unusual?
- Analyse audio-visual elements: Look for inconsistencies or discrepancies in facial features, expression and eye movement, skin texture and tone, background, and audio-video quality.
- Authenticate the content: Deepfake detection tools for the general consumer are only just emerging. In the meantime, you can look out for tags or watermarks which indicate if the content you’re looking at is AI-generated.
2. Shop safely online
Shopping online is a favourite pastime for many of us, but don’t fall victim to scammers and fraudsters.
For example, Nikhil says that when you’re browsing an online store, the first indicator of security is the URL – make sure it begins with “https://” (the “s” stands for secure) and that you see the padlock icon in your browser’s address bar.
He says that other red flags include:
- Outdated design and poor functionality: If the site looks unpolished or is riddled with pop-ups and excessive ads, it might not have been maintained with modern security practices.
- Unnecessary information requests: Be cautious if the website asks for more personal or financial information than is typical for the transaction.
3. Protect against these scams when banking online
With most of us doing our banking online, it’s important to distinguish between phishing and spamming. Nikhil explains:
- Phishing: This is a tactic where attackers send fraudulent emails or messages, or even create fake websites that appear to be from trusted institutions – such as your bank – in order to trick you into revealing sensitive data such as login credentials or financial information.
- Spamming: Spamming involves the mass distribution of unsolicited emails or messages, which often serve as a vehicle for phishing attempts or the dissemination of malicious links and attachments.
“In the context of online banking, these methods can be used to impersonate your financial institution. An email might look like it’s coming from your bank, urging you to update your details or verify a transaction – only to direct you to a counterfeit site designed to harvest your credentials,” he adds.
Here are Nikhil’s tips to protect yourself:
- Verify the source: Always double-check the sender’s email address or contact details. If in doubt, contact the institution directly using known, trusted channels.
- Use Multi-Factor Authentication (MFA): This adds an extra layer of security even if your password is compromised.
- Keep software up-to-date: Updated anti-malware and spam filtering tools can help catch suspicious activity before it reaches you.
- Be sceptical: Avoid clicking on links or downloading attachments from unknown sources, and always check for the “https://” prefix and padlock symbol before entering any personal information.
4. Reinforce security measures on your devices
Protecting your devices is about layering defences, says Nikhil. This can help minimise your exposure to online threats, fraud and scams.
Here’s what you can do:
- Keep software updated: Regularly update your operating systems, applications, and antivirus software to patch vulnerabilities.
- Use strong, unique passwords and MFA: Use strong, unique passwords for every account and enable MFA wherever possible.
- Use firewalls and VPNs: Activate built-in firewalls and use reputable VPN services – especially when accessing public Wi-Fi – to safeguard your Internet connection.
- Backup regularly and use encryption: Backup your important data regularly and consider encrypting sensitive files.
- Be cautious with downloads: Only install apps and software from reputable sources to avoid inadvertently introducing malware.
5. Be mindful of what you share on social media
“Social media is an excellent tool for connection, but oversharing can be a gateway for cybercriminals,” Nikhil points out.
Avoid sharing the following, he says:
- Personal details: This includes sensitive information such as your home address, phone number, and even your full date of birth. These can be exploited for identity theft.
- Travel plans: Publicly posting vacation plans or travel itineraries can alert potential burglars that your home is unoccupied.
- Financial information: Details about your income, investments, or even hints about your financial status should be kept private.
- Real-time location data: Photos and posts that reveal your current location (especially if geo-tagging is enabled) can put you at risk.
- Work-related confidential information: Oversharing details about your workplace or projects can inadvertently provide a roadmap for targeted attacks.
“By managing your privacy settings and being selective about what you share, you can better protect your personal and financial safety,” Nikhil adds.
6. Keep your non-digitally savvy loved ones safe from online scams
“
People who are less familiar with digital environments, including many seniors, can be particularly vulnerable to online scams, Nikhil says.
Here are some scams they may fall prey to:
- Phishing emails and scam calls: They might receive emails or phone calls that impersonate government agencies, banks, or even family members, urging them to share sensitive information or transfer funds.
- Tech support scams: Fraudsters often pose as technical support agents, convincing individuals that their devices are infected and persuading them to install malicious software or provide remote access.
- Romance and charity scams: Exploiting emotions, scammers might create elaborate stories on social media or dating sites to build trust and eventually ask for money.
- Fake websites and online ads: Unsophisticated users might not notice subtle discrepancies in website URLs or design, leading them to fraudulent sites that mimic legitimate businesses.
Nikhil shares some ways to mitigate these risks:
- Education and awareness: Regularly educate vulnerable loved ones on common scam tactics. Local community centres or libraries sometimes offer sessions on digital literacy and online safety.
- Simplified security tools: Encourage the use of simplified security applications that can help filter out spam and malicious content.
- Trusted contacts: Advise vulnerable loved ones to verify unsolicited requests by contacting a trusted friend, family member, or the relevant institution directly.
Want more articles like this, and other lifestyle content right in your inbox? Download the new SAFRA mobile app and opt in for the eNSman Newsletter – you don’t need to be a SAFRA member to subscribe – and never miss another story!
