Friday, April 12, 2024
HomesingaporeFAQ: How to avoid being scammed and what to do if you...

FAQ: How to avoid being scammed and what to do if you become a victim

SINGAPORE: A staggering S$330 million (US$240 million) was lost to scammers in just the first six months of this year in Singapore.

From job scams, e-commerce scams, fake friend call scams and phishing scams to the latest malware scams – scammers are constantly thinking up new ways to con you of your money.

It’s not just the elderly too – in fact, young adults aged 20 to 39 made up more than half of scam victims, according to the Singapore police’s crime statistics for January to June.

“Scammers do not target you based on age, gender, race, occupation, (or) financial status. There will always be new modalities and new tactics used by scammers,” the police told CNA. 

So what can you do to guard against scams? And if you find yourself in the unfortunate position of being a victim, what can you do to prevent further losses?

HOW TO AVOID BEING SCAMMED

Jobs, discounts – how can I tell if an ad is real?

Spelling errors and grammatical mistakes have long been telltale signs of potential fraud, but this may no longer be the case with the rise of artificial intelligence tools like ChatGPT.

So, how do we beat that?

With a “healthy dose of scepticism”, said Mr Kenny Yeo, director of consulting firm Frost & Sullivan and its head of Asia-Pacific cybersecurity practice.

“If the deal sounds too good to be true, it probably is.”

Look out too for the source of the advertisement, such as whether the company is a reputable and known entity or if it contains an unfamiliar URL.

Those that ask for personal information upfront should raise a red flag as well, said senior solutions architect Shahnawaz Backer from cybersecurity company F5.

Also consider the urgency of an advertisement, as a common trick by scammers is to pressure victims into quick decisions.

Related:

More than S$330 million lost to scammers in first half of 2023; cases continue to rise

At least S$1.2 million lost to Android malware scams involving travel package ads

How do I identify a scam call?

AI has also been used by fraudsters to mimic voices, making phone scams even more realistic.

But people can still look out for “psychological tactics” commonly deployed by scammers, such as creating a sense of danger and an urgency to take action. Another red flag is when the other party constantly dodges your questions.

“If you suspect the person at the other end of the line is using a voice deepfake, tell them you will call them back, or just hang up,” said Ms Jennifer Cheng of cybersecurity firm Proofpoint.

“Then, call your family member’s or friend’s actual number to verify if the person who called you was really them.”

Once you identify a scam call, the best course of action is to hang up immediately. While it may be tempting to try and turn the tables on the scammers, experts unanimously said it is not ideal to engage the scammers in any way.

After which, report and block the number.

“Cyber criminals typically do their activities at scale with automated software going through huge stolen lists of numbers,” said Mr Yeo. “Simply answering the phone may tag your phone number as active and you may receive more scam attempts.”

How do you spot a phishing link?

As a rule of thumb, avoid clicking on links that are shared via messaging platforms. Always look up the site via a browser instead, said Ms Cheng, who is Proofpoint’s director of cybersecurity strategy for Asia Pacific and Japan.

If you have to click on a link, check if it’s a shortened URL or if it has spelling errors. Authenticated websites have a Secure Sockets Layer (SSL) certificate, which means the URL will begin with “https” rather than “http”.

Other common red flags include suspicious or unusual email addresses and requests for personal data in unsolicited messages, especially those from official institutions. Legitimate financial and government entities typically do not ask for personal information over emails or messages.

Again, steer clear of any form of message that uses threats, urgency with phrases such as “Action Required” and offers that seem too good to be true.

Related:

Phishing attempts on Singapore targets rose 175% to 8,500, with banking sector most spoofed in 2022

If so many people think +65 calls are from scammers, why do some businesses still use them?

What other preventive steps can you take?

First, install anti-virus software and ensure that your devices’ operating systems are updated regularly.

Download the government’s ScamShield app, which checks incoming SMS messages and calls against a list of known scam numbers and filters them if there is a match.

More importantly, do not download apps from third-party or dubious sites that can lead to malware being installed on your phone, computer or other devices.

“Be wary if asked to download unknown apps in order to purchase items or services on social media platforms,” the police said. “Check the developer information on the app listing as well as the number of downloads and user reviews to ensure it is reputable and legitimate.”

Many banks now restrict customers’ access to their apps if potentially risky apps are detected, and some are launching a “money lock” feature that allows customers to block their savings from digital transactions.

Experts commended these initiatives, particularly for the elderly with limited digital literacy. Still, they said banks can do more, especially in protecting their more vulnerable customers.

“Senior citizens might not be as familiar with complex security measures, so there should be accompanying educational programmes to ensure they understand how to use these features effectively,” said Mr Chris Cruz, chief information officer of public sector at cybersecurity firm Tanium.

He added that collecting feedback from elderly customers is essential, while other experts called for support measures like helplines to prevent inadvertent account lockouts.

Related:

Negligent banks, telcos may be held responsible for scam victims’ losses as part of proposed measures

Banks, telcos or consumers – who will bear phishing scam losses under proposed framework? Here are 4 scenarios

I’VE BEEN SCAMMED. NOW WHAT? 

How do I know there’s malware on my phone? 

One sign is when an app bombards the user with fake pop-ups until it’s granted access to the phone’s accessibility services. Some devices infected with malware may also overheat, said Appdome’s Mr Jan Sysmans. 

But Mr Sysmans, the cybersecurity firm’s mobile app security product lead, cautioned that mobile malware may go undetected for a long time. Some can even detect that the phone is facing down before launching the attack.

“Malware apps can look very professional and legitimate,” said Frost and Sullivan’s Mr Yeo. “Other malware will often work invisibly on the device, working in the background to capture the keystrokes and screen images with the objective of stealing user credentials, passwords, one-time password verification, and quickly making digital banking transactions before the user realises it.”

What do you do if your phone has been taken over by malware?

Malware scams typically occur after a consumer responds to a fake advertisement to buy something. The seller would contact the buyer, usually through WhatsApp, and ask them to install an Android Package Kit (APK) file, an app created for Android’s operating system, to make payment.

After downloading and installing the APK file, scammers would be able to retrieve the victims’ banking credentials when users log in to their internet banking accounts. They then siphon money from the bank accounts.

While APK files are solely for Android, iPhones are not invulnerable to such scams.

Advice online includes switching off your phone, pulling out the SIM card, turning off mobile data and even microwaving it to destroy the phone. 

While cybersecurity experts were more or less on the same page about the other tips, all cautioned against microwaving your phone, calling that piece of advice “invalid and dangerous”.  

Mr Cruz from Tanium said: “Putting your phone in a microwave is a highly dangerous and ineffective method to deal with malware. Microwaves can cause significant damage to electronic devices and pose serious safety risks, including the risk of fire and explosion. This method should never be attempted.”

RELATED ARTICLES
- Advertisment -

Most Popular