Technology has made our lives so much more convenient and enriching. We chat with our besties via messaging platforms, type work emails fast and furious, and shop online like we were born seasoned bargain hunters. So much so, some of us feel naturalised and safe within the digital world enough to lead second lives – what with our investments and properties, personal finances and even our identities woven into it – as its online natives.
But, like in real life, crime can raise its ugly head under many guises and in numerous situations. Digital (or cyber) crime is more rampant than ever, increasingly insidious and can happen to you, even before you know you have become one of its many unsuspecting victims.
Smarten up and empower yourself to be an informed citizen of the digital realm by reading up about some of the more common tech-enabled scams and how you can protect yourself from them.
1. Phishing Scams
It’s probably one of the most commonplace criminal acts carried out across all kinds of mediums, systems and platforms. And, we do mean all kinds: From websites to emails, to WhatsApp, SMS or any of your fave messaging systems.
Basically, a phishing scam or attack, works like how fishing uses a fake lure to get prey (a.k.a. you in a phishing operation) to bite. They are engineered to fraudulently obtain user data – think your credit card numbers, login credentials, usernames and passwords, pin numbers, banking details, passport details, and any other type of important or sensitive information that pertain to you.
What happens next? Unauthorised purchases made on your card, stealing of bank savings and even identify theft so you can be made both a victim and a criminal for illegal acts performed by the actual perpetrators (yikes).
Some of the more pervasive kinds of phishing methods include the standard email (sent randomly to a wide number of individuals, designed to mimic actual ones from a spoofed legitimate organisation) and malicious short links sent through SMS or messaging platforms (also known as smishing). Add to these, website or search engine-based phishing and voice phishing that’s done via a phone call by a con artist (read more about this later), and you’ve got a WWW (whole wide web) of deceit.
2. Password-Hacking Emails
Fraudulent spam or scam emails are some of the most common ways in which security (personal and professional) is breached. They can be easily delivered to your inbox, embedded with a malicious link or with a file attachment.
Clicking links within them or opening any mail attachments can lead to malware or ransomware being installed on your computer, laptop, mobile phone or digital device. The nightmare scenario? The devices get hacked and your passwords for the devices, your online shopping and banking accounts, and so on, are stolen. Plus, your device programmes might get corrupted in the process, and might even lead on to affect the devices and operating systems of other people in your address book or network.
3. Phone-based Cons
Yes, phone-based scams and voice phishing can also be regarded as digital or cybercrimes as most phones today are smartphones and the scamming act is only complete once your personal info gleaned from you over the phone is used for online crime.
The perp might directly call you and pretend to be a representative from an organisation. Some popular ruses include acting as the employee of a bank or a telecommunications company, or even as an officer from the police, Ministry of Health (a pandemic-based tactic) or any other government agency. He or she will attempt to have you reveal your NRIC, important passwords and other confidential information in various ways. They may work on the premise of alerting you to unauthorised banking transactions, for administrative purposes or simply trying to get you to prove your identity.
It can also be an automated voice calling system asking you to call to speak with an appointed government agency staff or to visit a website. It can even be you chatting on your phone via your device’s messaging app to someone, somewhere, who’s asking for all of your important personal details.
Whatever the method that’s done via your phone, it is a con, a conniving act to get you to disclose all the necessary information needed to commit a crime against your person.
Tips To Help You Stay Vigilant
With digital scams being carried out in multiple ways, how can anyone keep themselves safe from such techy traps? Here are some simple tips to make sure you don’t get tricked.
Look out for mismatched or misleading information
Read emails and website information carefully, and check all of the addresses to see if they are authentic.
Pro tip for emails: Hover your mouse over the links. A small window should appear showing you the actual URLs, and if the URLs are mismatched with the links, you know something’s up. For mobile devices, long-press the link for the URL but make sure not to tap and open the link by mistake.
Check the language
Often, urgent or threatening language is used in scams, usually to pressurise you into making hasty decisions. Legitimate organisations will be much more careful and civil in their customer communications, not spout out demands like “Urgent action needed” or “Your account will be terminated”. Also, suss out any grammar or spelling mistakes – these are dead giveaways.
Don’t buy into the hype
Won a prize for a contest you don’t remember participating in? Get free gifts and amazing deals by simply filling in a survey? If the marketing text for super-attractive deals, discounts or prizes reads too good to be true, it probably is. So don’t get duped, click through or provide any personal info.
Give away confidential information
Personal information such as IC numbers, credit card details and login credentials are almost never asked for over email, the Internet and even phone, by most professional and legitimate organisations, especially banks.
If anyone claiming to be from any such organisation insists on obtaining such details, think twice and be careful about acceding. You can take the extra step of contacting the said organisation directly (using the actual emails or phone numbers, not the ones provided by the so-called organisation representative) to confirm if indeed any such requests are made of you.
Be suspicious of strange or unexpected emails and messages
If you get emails or messages that just read and feel odd to you, you might want to delete them just in case. For one, standard phishing emails are sent as mass emails. And secondly, even if an email or message seems targeted at you (like how more in-depth forms of spear phishing scams work) from a friend, family member or acquaintance, if it doesn’t sound right, do not respond. If it is really important, the sender will get back in touch with you in time or in person.
Be equally suspicious of unknown or unfamiliar senders or callers
Remember how our parents told us not to talk to strangers or take candy from them? Apply some of that wariness and sense to how you receive calls, emails or messages from unknown or unfamiliar persons. You can be civil if you do have to respond, but keep your guard up and all of your personal details to yourself.
Don’t click on suspicious links and attachments
The best option when in doubt? Don’t click on any links, don’t open any attachments and don’t download and install any files or apps if they appear iffy or if you are unsure of their origin and purpose.
Safeguard Your Savings
This one’s for those who are concerned about the “health” of their wealth. Since most of these scams are all about siphoning away your money, maybe it’s good not to put all of your eggs in one basket (read: a single banking facility).
Consider investing your funds or diversifying your investment portfolio, and work with trustworthy financial management and investment services and institutions. Endowus, Syfe and StashAway are but 3 that can help to build your wealth as you secure the future of your finances.
BONUS: SAFRA members get special deals on fees with Endowus, Syfe and Stashaway.
This article was written in support of Total Defence 2022, “Together We Keep Singapore Strong”. Digital Defence, one of the 6 pillars of Total Defence, calls upon Singaporeans to keep secure, alert and responsible online to guard against threats from the digital domain.