FAQ: How to avoid being scammed and what to do if you become a victim

 https://www.channelnewsasia.com/singapore/scam-faq-what-should-you-do-3883161



FAQ: How to avoid being scammed and what to do if you become a victim

Millions have been lost to scammers and cases are still rising in Singapore. What can you do to avoid falling prey? And if that is too late, what should you do to minimise your losses? 

FAQ: How to avoid being scammed and what to do if you become a victim

(File photo: iStock)

Listen to this article
10 min

This audio is generated by an AI tool.

SINGAPORE: A staggering S$330 million (US$240 million) was lost to scammers in just the first six months of this year in Singapore.

From job scams, e-commerce scams, fake friend call scams and phishing scams to the latest malware scams – scammers are constantly thinking up new ways to con you of your money.

ADVERTISEMENT

It's not just the elderly too – in fact, young adults aged 20 to 39 made up more than half of scam victims, according to the Singapore police's crime statistics for January to June.

“Scammers do not target you based on age, gender, race, occupation, (or) financial status. There will always be new modalities and new tactics used by scammers,” the police told CNA. 

So what can you do to guard against scams? And if you find yourself in the unfortunate position of being a victim, what can you do to prevent further losses?

HOW TO AVOID BEING SCAMMED

Jobs, discounts – how can I tell if an ad is real?

Spelling errors and grammatical mistakes have long been telltale signs of potential fraud, but this may no longer be the case with the rise of artificial intelligence tools like ChatGPT.

ADVERTISEMENT

So, how do we beat that?

With a “healthy dose of scepticism”, said Mr Kenny Yeo, director of consulting firm Frost & Sullivan and its head of Asia-Pacific cybersecurity practice.

“If the deal sounds too good to be true, it probably is.”

Look out too for the source of the advertisement, such as whether the company is a reputable and known entity or if it contains an unfamiliar URL.

Those that ask for personal information upfront should raise a red flag as well, said senior solutions architect Shahnawaz Backer from cybersecurity company F5.

ADVERTISEMENT

Also consider the urgency of an advertisement, as a common trick by scammers is to pressure victims into quick decisions.

How do I identify a scam call?

AI has also been used by fraudsters to mimic voices, making phone scams even more realistic.

But people can still look out for “psychological tactics” commonly deployed by scammers, such as creating a sense of danger and an urgency to take action. Another red flag is when the other party constantly dodges your questions.

“If you suspect the person at the other end of the line is using a voice deepfake, tell them you will call them back, or just hang up,” said Ms Jennifer Cheng of cybersecurity firm Proofpoint.

ADVERTISEMENT

“Then, call your family member’s or friend’s actual number to verify if the person who called you was really them.”

Once you identify a scam call, the best course of action is to hang up immediately. While it may be tempting to try and turn the tables on the scammers, experts unanimously said it is not ideal to engage the scammers in any way.

After which, report and block the number.

“Cyber criminals typically do their activities at scale with automated software going through huge stolen lists of numbers,” said Mr Yeo. “Simply answering the phone may tag your phone number as active and you may receive more scam attempts.”

How do you spot a phishing link?

As a rule of thumb, avoid clicking on links that are shared via messaging platforms. Always look up the site via a browser instead, said Ms Cheng, who is Proofpoint's director of cybersecurity strategy for Asia Pacific and Japan.

If you have to click on a link, check if it’s a shortened URL or if it has spelling errors. Authenticated websites have a Secure Sockets Layer (SSL) certificate, which means the URL will begin with “https” rather than “http”.

Other common red flags include suspicious or unusual email addresses and requests for personal data in unsolicited messages, especially those from official institutions. Legitimate financial and government entities typically do not ask for personal information over emails or messages.

Again, steer clear of any form of message that uses threats, urgency with phrases such as “Action Required” and offers that seem too good to be true.

What other preventive steps can you take?

First, install anti-virus software and ensure that your devices’ operating systems are updated regularly.

Download the government’s ScamShield app, which checks incoming SMS messages and calls against a list of known scam numbers and filters them if there is a match.

More importantly, do not download apps from third-party or dubious sites that can lead to malware being installed on your phone, computer or other devices.

“Be wary if asked to download unknown apps in order to purchase items or services on social media platforms," the police said. "Check the developer information on the app listing as well as the number of downloads and user reviews to ensure it is reputable and legitimate.”

Many banks now restrict customers’ access to their apps if potentially risky apps are detected, and some are launching a “money lock” feature that allows customers to block their savings from digital transactions.

Experts commended these initiatives, particularly for the elderly with limited digital literacy. Still, they said banks can do more, especially in protecting their more vulnerable customers.

“Senior citizens might not be as familiar with complex security measures, so there should be accompanying educational programmes to ensure they understand how to use these features effectively,” said Mr Chris Cruz, chief information officer of public sector at cybersecurity firm Tanium.

He added that collecting feedback from elderly customers is essential, while other experts called for support measures like helplines to prevent inadvertent account lockouts.

I'VE BEEN SCAMMED. NOW WHAT? 

How do I know there’s malware on my phone? 

One sign is when an app bombards the user with fake pop-ups until it's granted access to the phone’s accessibility services. Some devices infected with malware may also overheat, said Appdome's Mr Jan Sysmans. 

But Mr Sysmans, the cybersecurity firm's mobile app security product lead, cautioned that mobile malware may go undetected for a long time. Some can even detect that the phone is facing down before launching the attack.

"Malware apps can look very professional and legitimate," said Frost and Sullivan's Mr Yeo. "Other malware will often work invisibly on the device, working in the background to capture the keystrokes and screen images with the objective of stealing user credentials, passwords, one-time password verification, and quickly making digital banking transactions before the user realises it.”

What do you do if your phone has been taken over by malware?

Malware scams typically occur after a consumer responds to a fake advertisement to buy something. The seller would contact the buyer, usually through WhatsApp, and ask them to install an Android Package Kit (APK) file, an app created for Android’s operating system, to make payment.

After downloading and installing the APK file, scammers would be able to retrieve the victims’ banking credentials when users log in to their internet banking accounts. They then siphon money from the bank accounts.

While APK files are solely for Android, iPhones are not invulnerable to such scams.

Advice online includes switching off your phone, pulling out the SIM card, turning off mobile data and even microwaving it to destroy the phone. 

While cybersecurity experts were more or less on the same page about the other tips, all cautioned against microwaving your phone, calling that piece of advice "invalid and dangerous".  

Mr Cruz from Tanium said: "Putting your phone in a microwave is a highly dangerous and ineffective method to deal with malware. Microwaves can cause significant damage to electronic devices and pose serious safety risks, including the risk of fire and explosion. This method should never be attempted."

F5’s Mr Backer recommended immediately disconnecting the phone from the internet – either by turning off Wi-Fi and mobile data or activating airplane mode. 

"This will block the malware's ability to communicate with its command-and-control servers, preventing further spread and potential harm."

The next step would be to boot the device in safe mode to temporarily disable the applications on the phone. 

Check the list of installed apps on the phone and look out for apps that appear unfamiliar or suspicious, especially those you do not recall downloading. Also look out for apps with generic names, misspelt titles or icons that don't belong to authorised app stores.

Once suspicious apps have been removed, install a mobile security software app from a reliable source, said Mr Backer. 

"This software will run a thorough scan to detect and eliminate any remaining dormant malware viruses lurking in the system. As a precaution, change your passwords in case your accounts were compromised while the malicious app was on your phone."

As malware installed could have been backed up onto the cloud, users should delete recent automatic backups. Even then, some malware can remain hidden, quietly monitoring user activities until another attack opportunity presents itself, warned Appdome’s Mr Sysmans.

Mr Yeo recommended doing a factory reset before reinstalling all the apps from authorised app stores manually. 

What next?

If you suspect you've been a victim of a scam, always file a police report. You can do this online or in person at a neighbourhood police centre. 

Depending on the type of scam, you should take different actions.

If your personal and banking credentials have been compromised, call your bank to halt unauthorised transactions or freeze your account. 

If you have fallen victim to an e-commerce scam, you can report the advertisement to the platform admin to have it taken down. 

If your online accounts have been hacked, or you are being impersonated, you should notify friends and family in case they are contacted by the scammer. 

Source: CNA/sk(cy)

Comments