The report also said attacks on Singapore-based banks cross borders and are highly interconnected.
It added that international fraud rings are heavily linked to attacks on organisations based in Singapore, as cyber criminals capitalise on the city-state’s status as a financial hub and its open economy.
“Fraudsters look at the relatively affluent population in Singapore and it’s a natural target, above other countries in the region. Definitely that open, connected financial hub is key to getting the money out potentially in an easy way,” said Dr Stephen Topliss, vice president of Global Fraud and Identity at LexisNexis.
WHY ARE BOT ATTACKS INCREASING?
Cyber criminals use bots to first test if stolen data are valid.
With the number of data security breach incidents on the rise, fraudsters have the personal information of more victims which they can use to attempt to gain access to their accounts.
In the past few years, a number of data leak cases in Singapore affected customers of several high-profile companies, including Marina Bay Sands, Starbucks and ShopBack.
“Cyber criminals now have more data, more credentials, to try and access social networks, banking accounts and apps,” said Mr Ryan Flores, senior manager of APAC Threat Research at cybersecurity firm Trend Micro.
“They use automated tools (bots) to test and once successful, they can have a human in place to do the (money) transfers, the scans and other social engineering attacks.”
Dr Topliss added that the surge in bot attacks also means that cyber criminals are increasingly using phishing scams to trick users into giving up their personal information.
“Phishing attempts are really aimed at getting our login details to access our accounts. That high volume of bot attacks reflects just how much we were all being targeted by phishing sites,” he told CNA’s Singapore Tonight on Tuesday (Dec 12).
PROTECT YOURSELF FROM CYBER ATTACKS
One cybersecurity expert said these bots use stolen personal data, hence the most important thing to do is change passwords frequently.
“Email is a good place to (steal) your personal information. So, protect your passwords and change them regularly. Because once an attacker goes into your email, they have a whole wealth of information about you,” said Professor Steven Wong, who is director of the Singapore Institute of Technology’s Centre for Digital Enablement.
Another way to thwart such attempts is to use different email accounts for different tasks, he added.
For example, one account should be used strictly for critical functions such as banking services, whilst another should be set up for non-important logins such as social media, online shopping or gaming.
However, Prof Wong said there also is a need to move towards a password-less system.
“The thefts and fraud use stolen credentials, such as passwords. So instead of memorising passwords, we could use other forms of authentication, for example, biometrics, digital tokens, etc,” he said.
PRACTICE GOOD CYBER SECURITY HABITS
All three experts lauded the Singapore government’s efforts to stop scams, such as the ScamShield app, which blocks scam calls and detects scam messages.
They also said banks have been working tirelessly on anti-scam measures such as anti-malware features in mobile apps and the latest initiative that allows customers to lock up their savings.
However, they warned that scam tactics are continually evolving, and consumers need to stay vigilant and practise good cybersecurity habits.
“At the end of the day, while the government and companies can do their part, a lot of times the breach or cybersecurity attacks are aimed towards the consumer. So, it’s really on the consumer’s cybersecurity awareness,” said Prof Wong.
Dr Topliss said: “As and when (scams) happen to us, we should not be embarrassed but we need to report it as quickly as possible to the police and financial institutions, because that will help us understand how the scams evolve and how to resolve them as soon as possible.”