
Fortifying The Future of Cybersecurity

by Foo Siang-tse, Senior Partner, Cyber, NCS

It seems like there are new scam cases reported in Singapore every other day, with even digital-savvy professionals falling prey and others losing their life savings. Scammers are masquerading as well-known banks or other legitimate entities to convince victims to divulge their personal information, which is then used to carry out illegal transactions.

The impetus to better arm ourselves is more urgent than ever as scammers continue to accelerate their activities. They are organised, systematic and well-equipped. The number of scam and cybercrime cases increased by almost 50% in 2023 compared to 2022, and in the first two weeks of January 2024 alone, at least 219 victims lost more than S$446,000 to scams, mostly by clicking on phishing links sent via SMS messages, according to the Singapore Police Force.

And it is not just suspicious SMS messages we need to be careful about, because scammers continue to evolve their modus operandi. Synthetic identity theft, deepfakes, and cryptocurrency scams are just a handful of tactics that will likely gain further prominence this year. Individuals and organisations need to guard themselves against such tactics, failing which there can be far-reaching consequences for businesses, including financial loss, reputation damage and operational disruption. We can and must act to protect our data now for a safer future.

Cracking The Code
When we look deeper into scams, we will realise that the crux of the problem really is identity fraud. It underpins the fraudulent transactions in which scammers are able to convince one party that the other is bona fide. Scammers often do research on their victims and hence would be able to gather some basic facts from the internet and social media that are then used to perpetrate the scam.

It points to the importance of identity, authentication, and authorisation. Here, multi-factor authentication (MFA) plays a fundamental and crucial role in helping to significantly curb scams – if it is implemented where it matters.

For instance, one common trick involves scammers calling a targeted victim and pretending to be an entity that they are not, such as a bank or retailer, in a bid to convince the victim to divulge their personal banking or payment details.

To stop such scams from succeeding, businesses could send an alert via their official mobile app to inform customers that a service agent will be calling them on their phone within the next minute. Customers can be further prompted to authenticate their identity via the app when the call comes through.

MFA technologies are already available to facilitate this, so it is basically a matter of applying the tool where it counts. And I think this should encompass any time a customer interacts with an organisation, not just interactions involving high-value transactions, which is often the case now. It takes two hands to clap: on one hand, the organisation needs to provide the tool, and on the other, the customer needs to be educated that any interaction needs to be verified through the tool.
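The announce-then-confirm flow described above, as an added example (not code from the article or from NCS). It assumes a per-device secret key provisioned when the app was enrolled and an HMAC-SHA256 tag over each alert; `CallDesk`, `app_confirm`, the field names and the sample customer id are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

CALL_WINDOW_SECONDS = 60  # the article's "within the next minute"


def _tag(key: bytes, label: str, ann: dict) -> str:
    # JSON list encoding keeps field boundaries unambiguous under the MAC.
    msg = json.dumps([label, ann["customer_id"], ann["issued_at"], ann["nonce"]])
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def app_confirm(key: bytes, ann: dict, now: int):
    """App side: answer the alert only if it is authentic and still fresh."""
    if not hmac.compare_digest(_tag(key, "announce", ann), ann["tag"]):
        return None  # alert was not produced with this device's key
    if not 0 <= now - ann["issued_at"] <= CALL_WINDOW_SECONDS:
        return None  # no call is expected at this time
    return _tag(key, "confirm", ann)


class CallDesk:
    """Business side: announce the call, then require the app's confirmation."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # nonce -> announcement awaiting confirmation

    def announce(self, customer_id: str, now: int) -> dict:
        ann = {"customer_id": customer_id, "issued_at": now,
               "nonce": secrets.token_hex(16)}
        ann["tag"] = _tag(self.key, "announce", ann)
        self.pending[ann["nonce"]] = dict(ann)
        return ann

    def accept(self, nonce: str, response, now: int) -> bool:
        ann = self.pending.pop(nonce, None)  # single use: replays find nothing
        if ann is None or response is None:
            return False
        if now - ann["issued_at"] > CALL_WINDOW_SECONDS:
            return False
        return hmac.compare_digest(_tag(self.key, "confirm", ann), response)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed per-device key
    desk = CallDesk(key)
    ann = desk.announce("cust-001", now=1000)  # constructed customer id
    print(desk.accept(ann["nonce"], app_confirm(key, ann, now=1010), now=1015))
```

A caller who cannot trigger a valid in-app alert fails the check on the customer's side, and the agent does not proceed without the app's confirmation on the business side.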

To raise a sufficiently resilient wall of defence, it would also be wise for businesses to adopt a proactive approach that detects threats before they can reach any victims, such as AI-powered phishing detection systems that flag phishing sites in real time.

Phishing attacks are becoming increasingly deceptive with personalised messages and AI technologies that convincingly replicate legitimate websites. However, by integrating deep learning models into phishing detection systems, we can create a multi-model approach that identifies linguistic and visual patterns in addition to domain checks.

That said, it will still take a village to raise a sufficiently resilient wall of defence. In short, everyone in the ecosystem needs to play their part.

It Is Not a Matter of ‘If’, But ‘When’
Just as it is important for businesses to implement the necessary guardrails, consumers play an equally crucial role as the last line of defence.

Organisations should conduct regular training sessions to educate employees about common scams and the latest social engineering tactics. This requires the necessary tools, including email security to detect and filter phishing and malicious email, and financial controls, such as dual authorisation for transactions. There should also be rigorous procedures in place to verify invoices, purchase orders, and vendor information before payments are processed.

Above all, businesses will want to determine their risk profile so they can identify the most critical areas to secure as well as the risks they are willing to take. They can then optimise their investments in cybersecurity, mitigate the potential risks, and establish the necessary remediation in the event of a security incident.

As we continue to guard ourselves against current scam technologies, we must also begin to look to the future and remain one step ahead of evolving threats, to bolster our cyber defence and create a safer tomorrow.
