Commentary: The year hackers and scammers exploited our COVID-19 fears to cheat us

SINGAPORE: 2020 may be the year that a deadly infectious disease, COVID-19, stole. But a larger theft has gone mostly unnoticed.

For years, people have been using digital platforms to purchase goods and services, bolstered by Singapore’s Smart Nation initiatives. COVID-19 has further accelerated this shift to the online world.

While the digital leap confers benefits and convenience to us, it has also created opportunities for malicious actors.

LISTEN: Phishing scams and the sketchy tricks of the online crime trade

Recognising the ever-present risk of cybercrime, the Singapore Government has actively encouraged digital literacy through various means, from the Media Literacy Council’s Better Internet Campaign 2020 to integrating cybersecurity instruction across disciplines in schools.

Yet cybercriminals have made strides in accessing Singaporeans’ wallets in three ways this year.

READ: More than a quarter of Singapore residents suffered at least 1 cybersecurity lapse in past year: CSA survey

EXPLOITING PUBLIC FEARS OF THE PANDEMIC

First, cyber criminals have exploited fears over the pandemic to ensnare new victims.

McAfee’s recent COVID-19 Threat Report found an average of 375 new threats per minute and a surge of coronavirus-themed malicious apps, phishing campaigns, malware and more around the world.

Across the world, malicious players have capitalised on people’s fear and desire to stay safe, from setting up fake websites selling face masks, to underground marketplaces and scams using protective equipment as bait.

Singaporean scammers are also taking advantage of the influx in potential victims, as more Singaporeans head online more regularly for work and leisure.

In the first half of 2020 alone, online scams saw a surge. People were cheated of S$82 million via the top 10 scams in the first half of 2020, double the amount the year before.

The number of reported cases for the top four scams rose sharply by 163 per cent.

READ: Cybercrime jumps more than 50% in 2019, new threats emerge from COVID-19 pandemic

TAKING ADVANTAGE OF NEW CONSUMER TRENDS 

Second, scammers have been opportunistic, adapting rapidly to consumer behaviour.

Capitalising on the surge in demand for gaming consoles during the circuit breaker, there was a spike in online scams involving the Nintendo Switch console, with victims losing at least S$30,000 to scammers on a popular online marketplace.

Many were hooked by attractive prices from what they thought was a trustworthy source. But after victims transferred the money, the scammers went silent.

READ: Commentary: Every day feels like 11.11 since COVID-19

USING INCREASINGLY SOPHISTICATED TACTICS

Third, scammers are leveraging technological advancements to employ increasingly sophisticated scams.

Phishing attempts are looking increasingly genuine. Beyond intricacies in URLs, fake web pages are designed to imitate sites closely.

Counterfeit products are hard to differentiate among other real options on websites.

Even scam calls asking for information can be automated, which adds a sheen of legitimacy, misleading unsuspecting victims.

In fact, the Cyber Security Agency of Singapore found that almost half of all robocalls made today are automated, with malicious actors digitally altering their phone numbers or caller identity to spoof those of established organisations.

For example, as the pandemic got increasingly serious in March, scammers impersonated Ministry of Health (MOH) officials, using automated voice calls or acting as MOH staff members and contact tracing personnel.

Victims were asked to provide personal information including their financial details to assist in contact tracing. Some were even asked to collect documents from the ministry.

READ: Commentary: Singapore’s almost in our new normal. Don’t be the dud who jeopardises that

READ: Commentary: Contact tracing aside, you should worry if you have to report your whereabouts to your boss after work

Recently, scammers also impersonated Ministry of Law (MinLaw) officials, with automated voice messages claiming that MinLaw was unable to contact the victims, prompting them to press a number to speak to a customer service officer.

By using auto dialling software that present their own numbers as those from official sources, such as those from MOH or MinLaw, scammers add a veneer of authenticity to the call, tricking victims into answering.  

Consequently, many are tricked into thinking that the ministries, police, customs, delivery firms or banks are contacting them.

Other scams in this vein include calls offering technical support but are in reality phishing attempts, where victims are asked to provide accounts and passwords.

We have also seen lucky draw scams where victims are requested to provide personal data to claim prizes.

DIGITALLY LITERATE – BUT IS IT ENOUGH?

Anyone can be a victim of the wide variety of scams, but there are emerging patterns tied to demographics – because scammers capitalise on specific digital usage patterns to target certain groups.

For example, research suggests the elderly tend to be digital immigrants, who are less equipped to spot tell-tale signs of scams, which makes them disproportionately vulnerable to digital fraud.

Because many seniors struggle with understanding mobile apps and online sites, IT support scams are prevalent, since spotting and avoiding such attacks requires literacy on multiple fronts and familiarity with IT support operations by government agencies or companies.

READ: Commentary: COVID-19 – as offices close, hackers work overtime

READ: Commentary: Cyberbullying just keeps getting worse. Even COVID-19 hasn't dampened its spread

Young people, owing to the significant time they spend online and their comfort in conducting online payment transactions, have been targeted on social media.

Scammers often use spoofed or compromised social media accounts, impersonating the victim’s friends or followers on Facebook or Instagram.

On the pretext of helping them sign up for promotions on popular e-commerce platforms or fake contests, scammers ask victims for their personal details, such as internet banking account details, mobile number and one-time password.

Victims would later discover that unauthorised fraudulent transactions were made with their bank accounts or mobile wallets. A majority of social media scam victims in 2019 were between 20 and 40.

Scammers also home in on gender. For example, middle-aged to elderly women tend to emerge as victims of love scams. They have substantial savings, and some are emotionally susceptible due to divorces, making them ideal targets for scammers.

Meanwhile, young, tech-savvy males tend to be victims of credit-for-sex scams, as scammers post online advertisements or befriend victims via dating apps or social media platforms.

The common feature in all these scams is an optimism bias in victims. They stand at greater risk of fraud when they believe they are unlikely to be scammed, and therefore let their guard down and ignore cross-checking decisions with others more familiar with such threats.

READ: The Big Read: As more cyberattacks loom, Singapore has a weak ‘first line of defence’

TAKING DIGITAL SAFETY SERIOUSLY

While scammers may vary tactics and topical relevance, scams are at their core old crimes mediated through new technology. The mechanics that drive them will always be the same – offering us a blueprint to protect ourselves from scams.

Consumers must take the time to apply a critical lens to their deals, interactions, and online activities to evaluate each step they take, so that they may be alerted when something seems unusual.

I would urge consumers to exercise caution when receiving promotional emails or texts from unknown sources, especially those that make claims too good to be true.

Go directly to reputable websites that begin with “https”, instead of clicking on questionable ads, links or emails.

READ: Commentary: Here's how to win the cybersecurity arms race

Last, consider using comprehensive security to protect devices and online accounts, as well as an identity theft protection service to help protect, detect, and correct potential breaches in personal information.

Singapore’s Smart Nation future will see digital services gain traction, which will inevitably open up more opportunities for scammers to find new victims. 

A new scam will always be around the corner, but by going beyond basic digital literacy, you will do well to protect yourself.

Shashwat Khandelwal is Head of Southeast Asia Consumer Business, McAfee.

Listen to Shashwat Khandelwal discuss how scammers are getting increasingly sophisticated and hard to identify on Heart of the Matter: