Evenings are a time when Mr Ng Jia Xiang, 38, winds down with video games. But one evening in 2021 was anything but relaxing.
“I couldn’t log in at all, which is strange as I had not changed my password recently,” says the freelance web designer. He didn’t, but someone else did – without his knowing who, how or when.
“I became really paranoid,” he says, adding how he had previously received unknown email login notifications.
Since then, Mr Ng has been running weekly anti-virus scans on his computer and mobile devices, and enabled two-factor authentication (2FA) wherever possible. He also started using a password manager to save all his login details, and to generate stronger passphrases.
The episode continues to bug him. “I never figured out how it happened, and can only hope that the perpetrators did not obtain sensitive information. I’ll just try to keep everything cleaned, checked and updated as much as possible.”
Mr Ng’s actions are in line with “cyber hygiene” recommendations. The Cyber Security Agency of Singapore (CSA) defines “cyber hygiene” as practices performed regularly to maintain the digital health and security of devices, networks and data.
4 ways to stay cyber-safe Enable 2FA, such as one-time passwords from a digital token/SMS and use strong passphrases of at least 12 characters, with a mix of numbers, symbols and upper/lower case letters. Do not use the same passwords for different accounts.
Beware of phishing scams by verifying the authenticity of emails, calls or requests through official sources and checking with family and friends.
Update software promptly by enabling automatic updates. Regularly review and remove apps that are not needed.
Add ScamShield and anti-virus apps from official app stores, and refer to CSA’s recommended security apps list at go.gov.sg/antivirusapps
“Adopting good cyber hygiene practices will enable us to better secure our confidential data and valuables from cyber criminals,” says Mr Henry Tan, deputy director of the Cybersecurity Engineering Centre, CSA.
Get a round-up of the top stories to start your day
Thank you!
Sign up
By signing up, I accept SPH Media's Terms & Conditions and Privacy Policy as amended from time to time.
Yes, I would also like to receive SPH Media Group's SPH Media Limited, its related corporations and affiliates as well as their agents and authorised service providers.
marketing and promotions.
“It is also important for everyone to keep up to date with scam trends as cyber criminals are constantly thinking of new ways to trick victims.”
He adds that users can subscribe to CSA’s advisories and follow their social media accounts (details at csa.gov.sg) and visit the Scam Alert website (scamalert.sg) for the latest information.
Yet the use of good cyber hygiene practices has been mixed, notes CSA’s Cybersecurity Public Awareness Survey in 2022, which polled 1,051 respondents, aged 15 and above.
More had enabled 2FA (35 per cent) and installed cybersecurity apps (50 per cent) compared with those polled in 2020 (22 and 39 per cent respectively).
But there was a dip in users who could identify strong passwords (54 per cent, down from 56 per cent) and those who did timely software updates (27 per cent, down from 30 per cent).
Scams getting more sophisticated Can you tell a deepfake video apart from a real, recorded one? Front-line staff at this bank underwent anti-scam training to ensure they can spot and manage scams, including malware and deepfake scams.
960 people fell for scams involving tickets to Taylor Swift’s concerts, with more than $538,000 lost. Some bought tickets from resellers, only to discover that they were fake and could not be used to enter the venue.
An elderly man was targeted in three scam attempts over two months. He would have lost $3.7 million if not for the swift intervention of the police and his banks.
To enhance safeguards against scams, the CSA rolled out two initiatives this year.
The Safe App Standard, launched in January, provides a common benchmark and guidance for local app developers and providers to protect their applications, guarding users against common malware and phishing attempts.
Measures include having secure authentication mechanisms to validate a user’s identity, preventing unauthorised access.
“We encourage developers of apps created and hosted in Singapore to adopt the standard, especially for apps with high-risk financial transactions,” says Mr Tan.
An enhanced fraud protection feature for Android mobile users rolled out last month, in partnership with Google, blocks the installation of apps not registered with Google and distributed through Internet-sideloading sources such as browsers and messaging apps.
The feature will assess and block these apps if sensitive permissions, such as access to SMSes, are requested.
Guard up against pop-ups
Received a pop-up notification that your computer is compromised?
Think twice, as it could be a “technical support scam”, says Police Superintendent Rosie Ann McIntyre, assistant director of the Scam Public Education Office Operations Department, Singapore Police Force.
At least 78 police reports have been filed since January this year, with losses of more than $6.7 million.
How does it work? The pop-ups lead users to believe that their device is compromised by hackers for illegal activities, prompting them to call a fake technical support hotline to resolve the issue.
“Users would be asked to access websites or download legitimate remote software to allow scammers to remotely access their devices,” says Police Superintendent McIntyre. “Scammers may also attempt to make calls to potential victims with the same deceit.”
On such calls, scammers posing as police officers would “help” victims lodge a fraudulent police report and log into their internet banking account to “apprehend” the hackers.
They would then remotely access the victim’s computer to make unauthorised transactions using the victim’s bank account.
Police Superintendent McIntyre advises: “Refrain from clicking on such pop-up notices or links within them, and only seek technical support from reputable sources.”
This is part of a series titled "Act against scams", in partnership with the Singapore Police Force.
Unlock unlimited access to ST exclusive content, insights and analyses
ST One Digital - Annual
$9.90 $4.95 /month
Get offer
$59.40 for the first year and $118.80 per year thereafter.
ST One Digital - Monthly
29.90 $9.90 /month
Subscribe today
No lock-in contract
Unlock more knowledge, unlock more benefits
New feature: Stay up to date on important topics and follow your favourite writers with myST All subscriber-only content on ST app and straitstimes.com Easy access any time via ST app on one mobile device
Join ST's WhatsApp Channel and get the latest news and must-reads.
Scams SINGAPORE POLICE FORCE CYBER CRIME CSA CYBERSECRUITY
Facebook Telegram More Whatsapp Linkedin Twitter FB Messenger Email Print Purchase Article Copy permalink https://str.sg/L8Lk
Read this subscriber-only article for free!
Just sign up for a free account and log in to continue reading.
Good cyber hygiene routine can keep dirty tricks of scammers at bay
Sign up
Already have an account? Log in.
All done! This article is now fully available for you
Good cyber hygiene routine can keep dirty tricks of scammers at bay
Read now
Please verify your e-mail to read this subscriber-only article in full
Good cyber hygiene routine can keep dirty tricks of scammers at bay
Resend verification e-mail
The gift link for this subscriber-only article has expired.
Get unlimited access to all stories at $0.99/month for the first 3 months.
Subscribe now
You have reached your limit of subscriber-only articles this month.
Get unlimited access to all stories at $0.99/month for the first 3 months.
Subscribe now
Read and win!
Read 3 articles and stand to win rewards
Let's go! Terms & conditions apply
Frequently asked questions
Good job, you've read 3 articles today!
Spin the wheel now
Let's go! Terms & conditions apply
Frequently asked questions