08/10/2022

Protect yourself from fraud & scams

How Malware takes remote control of your HP after you download 3rd party apps

Update 29 Dec 2023: DEEPFAKE VIDEO OF PM LEE PROMOTING SOME INVESTMENT SCAMS

Imagine this: you’re leisurely scrolling through your usual YouTube shorts, and suddenly, an unexpected advertisement pops up.

Prime Minister (PM) Lee Hsien Loong appears to be promoting a crypto-trading video on the Beijing-based news outlet China Global Television Network (CGTN). Yes, PM Lee seems to be discussing the benefits of a hands-free crypto trading platform, which boasts the ability to compute algorithms, analyse market trends, make strategic investment decisions, and execute trades—all autonomously, without any manual input from the user.

On 29 Dec, PM Lee shared a recent deepfake video that has been circulating online. Elaborating on the type of scam involved, PM Lee explained that scammers employ AI (artificial intelligence) technology to mimic our voices and images. They transform real footage of us, taken from official events, into very convincing but entirely bogus videos of us purportedly saying things we have never said. PM Lee urged people not to respond to such scam videos, which promise guaranteed returns on investments.


DEEPFAKE VIDEO OF DPM LAWRENCE WONG SELLING SOME INVESTMENT SCAM

With the rise of artificial intelligence (AI), it’s sometimes difficult to tell what is real anymore. A deepfake video of Deputy Prime Minister Lawrence Wong promoting an investment scam has been circulating on Facebook and Instagram. The worst part is that it looks real.

Deepfakes are media that have been altered by AI to look or sound like someone. In the video, DPM Wong’s mouth is altered to synchronise with a fake voiceover that sounds like him. Yes, the voiceover mimics the pitch and intonation of DPM Wong’s actual voice. Don’t believe me? You can watch the deepfake video here

Notably, the video was made from modified footage of DPM Wong giving an interview recorded by The Straits Times. The deepfake video promotes an investment scam, even using terms reminiscent of a DPM speech, like “my dear Singaporeans”.


Spate of Online Scams

An online order for grouper fillets that was supposed to cost $10 ended up costing one woman more than $44,000 after scammers took control of her Android phone and banking details remotely.

Ms Jacqueline Khoo, 58, lost $44,487 from two credit card accounts and three bank savings accounts from POSB in a few hours after she clicked on a link to download a third-party app, following which scammers then increased her credit limits and siphoned out her money. Ms Khoo had chanced upon a Facebook advertisement for grouper fillets from a seafood supplier called “Fresh Market TGS” on Aug 25.

She was attracted by a deal that offered $10 grouper fillet with free shipping and contacted the seller on Facebook. “Although I never bought anything from Facebook before, I had previously bought fish and pork from Shopee and Qoo10. I was not suspicious of the ad and it never occurred to me that this was a scam,” she told The Straits Times.


How to protect your privacy online – and why that matters
Failing to protect your digital privacy can lead to a host of issues, from identity theft to your accounts being hacked

In the age where every Google search inevitably results in customised ads showing up on your screen, and social media platforms suggest friends of friends to follow, it’s understandable why many people give up on digital privacy. After all, why bother when the Internet already knows so much about you (and all the cat videos you watch)?

In reality, we should all be doing our best to maintain our digital privacy. More than just having your embarrassing social media photos shared in public, a lack of digital privacy can have far-reaching consequences.

For example, password leaks and hacks can lead to your accounts being hijacked. Even if your passwords are safe, your identity may not be: If your full name and IC number are retrieved by a malicious actor, they can be used to apply for credit cards or loans, or even commit fraud at medical institutions. In some cases, the victim might not even be aware that their accounts or information have been compromised until they attempt to log in or are notified by the authorities.

Here are six ways to keep your personal information safe from potential breach:
  • CHECK YOUR PRIVACY SETTINGS
  • YOUR PASSWORD STATUS: IT’S COMPLICATED
  • DON’T REMEMBER PASSWORDS, MANAGE THEM
  • STAY UNDER THE RADAR
  • ENABLE TWO-FACTOR AUTHENTICATION
  • DON’T FORGET ANTI-VIRUS SOFTWARE

Protect yourself from online scams and attacks

One of the most common attacks we see are what we call “phishing” attacks (pronounced like fishing). This is when an attacker contacts you pretending to be somebody you know or an organization you trust, and tries to get you to give them personal information or open a malicious website or file.

Most phishing attempts arrive via email, but they can also come via text messages, direct messages on social media, or even phone calls (what we call "Vishing"). What they all have in common are:
  • A trusted sender - The message or call will appear to come from a person or organization you trust.
  • An urgent request - The messages usually have a sense of urgency to them.
  • A link or attachment - The message will include something you need to click on – a link to a website, or an attached file most commonly.

7 tips to help you protect yourself from Internet bank fraud

You may not think that you have any highly coveted information. So why would cybercriminals be interested in you? Actually, fraudsters look for identities just like yours to avoid raising any suspicion about their crimes. 

Using details about your identity (last name, first name, address, social insurance number, bank information), a fraudster could use your information to apply for mortgage loans or credits cards in your name. Your identity could also be used to create a fake passport or driver’s license.

7 fictional examples of bank fraud:
  • Don’t believe every email or text message you receive
  • Don’t let your guard down in the face of unexpected situations
  • Don’t share your bank details over social media
  • Don’t share personal information about your identity
  • Don’t pounce too quickly on online deals
  • Don’t be blinded by love
  • Exercise caution when buying or selling stuff online


11 Ways to Protect Yourself From Fraud
Take these steps to keep safe from scams, identity theft and spam calls

Among the reasons to be glad 2020 is nearing an end: It was a banner year for scammers. Along with the usual assortment of thefts, COVID-19 fraud ranged from fake product offers and bogus testing ploys to rip-offs involving stimulus checks.

As always, your best defense against fraud is you. While planning your New Year's resolutions, put these to-dos on your list. Some you can do right now, while others are behaviors to adopt. Together they'll help protect you and those you love in the coming year:
  • Improve your password protection
  • Protect your mail
  • Check your credit report
  • Filter your phone calls
  • Manage your emails
  • Do a quick Facebook privacy checkup
  • Vet unfamiliar e-retailers
  • Say no to gift cards
  • Copy all the contents of your wallet today
  • Don't send nudes!
  • Stop, breathe, ask

New scam? Man pretends to be hit by car in Serangoon

What a dramatic accident — except that there was no collision involved. A man was caught on camera throwing himself out in front of an oncoming car and then falling onto the ground even though the vehicle did not hit him.

Several readers alerted Stomp to the video that has been circulating online since Wednesday (Sept 28). The incident reportedly occurred along Serangoon North Avenue 5 on Monday evening. In the video, the pedestrian is seen flinging himself onto the road in an exaggerated tumble.

The driver who captured the video, however, had honked and stopped in time while still some distance away from the man. She can be heard saying, "What are you doing?" It is unclear what the man replied but he continued to sit on the road. Many netizens called out the incident for being a "100 per cent insurance scam" and made sarcastic comments about the man's acting.


Anti-scam app ScamShield now available for Android users
(From left) Open Government Products director Li Hongyi, Minister Sun Xueling, Senior Minister Teo Chee Hean, NCPC chairman Gerald Singham and Deputy Commissioner of Police (Policy) Jerry See launching the Android version of ScamShield. ST PHOTO: GIN TAY

Android users can now download an app called ScamShield, which can block calls from blacklisted numbers that have been verified as scam-related.

The app, which can also identify scam SMSes, is available on Google Play Store.

It has been available to iOS users since November 2020.


How does ScamShield work?

The app filters incoming calls and text messages. ScamShield compares an incoming call against a list maintained by the Singapore Police Force to determine if the number has been used for illegal purposes and blocks it.

When you receive an incoming SMS from an unknown contact, ScamShield will determine if the SMS is a scam using an on-device algorithm. For iOS, it filters the messages to a junk SMS folder. For Android, a notification is sent to users to notify them that a scam message has been received.

Scam SMSes will be sent to NCPC and SPF for collation. This keeps the app updated and will help protect others from such scam calls and messages.  Features of Scam Shield:
  • Block scam calls
  • Detect scam SMSes
  • Report scam messages

WhatsApp users in S'pore urged to update app to patch security holes
The first system flaw allows an attacker to take control of the app while a user is making a video call REUTERS

WhatsApp users in Singapore have been urged to download the latest version of the application to fix two security flaws that could give hackers complete control over the app.

Issuing the alert on Wednesday, the Singapore Computer Emergency Response Team (SingCert) said users should install the latest version of the app "immediately" even though there are currently no reports of active exploitation of the loopholes.

The first system flaw allows an attacker to take control of the app while a user is making a video call.


How You can Avoid being Scammed
Scams have been increasing of late. Here’s how to stay safe

Ever received emails from “royals” seeking help to transfer money out of their country in exchange for a percentage of the loot? Or phone calls informing that you’ve won a seven-figure overseas lottery and the only way to receive the payout is by providing your banking details? These are just some examples of classic scams that have been around since mobile technology became a part of our everyday life.

Scammers, though, have been evolving in recent years, becoming sophisticated cons who not only target individuals but businesses and organisations as well. The first half of 2020 saw the number of scams in Singapore jump by 140 per cent compared to 2019. More troublingly, a survey by the Home Team Behavioural Sciences Centre found that 45 per cent of scam victims reported being scammed more than once. According to the Singapore Police Force, last year saw a whopping $201 million lost to scammers, much of it online as Singaporeans turned to websites and apps to carry out activities like banking and buying groceries due to the COVID-19 pandemic. Scammers have also begun to target people working from home through robocalls, as well as seniors who are unfamiliar with the Internet.

The rising number of scam victims is testament to the increasing psychological sophistication of scammers’ tactics ­in crafting false proof, impersonating the victim’s close friends and using the victim’s shame about possibly falling for a scam to continue extracting money from them. Romance scammers are especially adept at identifying victims who are lonely, vulnerable and easily manipulated — a group that is increasing in size worldwide, due to COVID-19’s impact on social lives. Ensure your safety and that of others by familiarising yourself with common methods of fraud. Here are the top 10 scams in Singapore (in no particular order):
  • E-COMMERCE
  • SOCIAL MEDIA IMPERSONATION
  • INTERNET LOVE
  • CREDIT-FOR-SEX
  • CHINESE OFFICIALS IMPERSONATION
  • TECH SUPPORT
  • BANKING-RELATED PHISHING
  • NON-BANKING-RELATED PHISHING
  • LOANS
  • INVESTMENT


Banks to remove clickable links in emails, SMS sent to customers as part of new security measures
New measures for digital banking are to be rolled out for banks in Singapore, after a recent spate of SMS phishing scams affected at least 469 of OCBC's customers

Banks in Singapore will be removing clickable links in emails or SMS messages sent to retail customers and set the threshold for funds transfer notifications to customers by default at S$100 or lower. These are part of several measures to protect account holders from phishing scams. The changes, announced by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) in a joint statement on Wednesday (Jan 19), will be implemented within the next two weeks.

The new measures came after at least 469 customers were affected by an SMS phishing scam targeting OCBC bank customers, with losses totalling at least S$8.5 million. The fraudsters had sent out fake bank alerts that spoofed the bank's official SMS channel, duping many of them into clicking on web links and giving up their personal account information last month. In the joint statement, MAS and ABS said that these measures will bolster the security of digital banking, given that it will lengthen the time taken for certain online banking transactions and also provide an added layer of security to protect customers’ funds.

Other measures that banks will be putting in place include:
  • Delaying activation of a new soft token on a mobile device by at least 12 hours
  • Sending notification to a customer's existing mobile number or email registered with the bank whenever there is a request to change a customer’s mobile number or email address
  • Introducing a cooling-off period before executing requests to important account changes such as in a customer’s key contact details
  • Having dedicated and well-resourced customer assistance teams to deal with feedback on potential fraud cases on a priority basis
  • More frequent scam education alerts


What Is Pig-Butchering Scam 杀猪盘

I want to raise awareness on the Pig-Butchering scam or Sha Zhu Pan in Chinese. So called because victims are patiently worked on every day for 1-3 months before scamming them big time, like fattening up a pig before slaughter. They have extremely well-planned operations and have really been successful in the Chinese-speaking world. Sha Zhu Pan scam has become one of the top Chinese buzzwords in 2019-2020.

Victims are scammed on average $24k, and millions in total have been lost. It's a huge cottage industry that Chinese police has had a hard time stamping out. There are scores of recent news stories, blogs, video clips, and other media online about Sha Zhu Pan victims and scammers. Sadly, almost all are in Chinese. I think the rest of the world has to wise up to this, because now as most Chinese are becoming aware of this Pig-Butchering Scam, the scammers are turning their skills more towards non-Chinese, more so this year.

This first half is somewhat detailed because since everyone is generally aware of romance scams, being vague won't convince someone who is in the thick of it and thinks that his/her online friend is THE exception. Exposing specific details of the Pig-Butchering scam is most convincing to current victims that the "spontaneous" events are actually planned.


Top 10 Scams in Singapore
Scams have been increasing of late. Here’s how to stay safe

Ever received emails from “royals” seeking help to transfer money out of their country in exchange for a percentage of the loot? Or phone calls informing that you’ve won a seven-figure overseas lottery and the only way to receive the payout is by providing your banking details? These are just some examples of classic scams that have been around since mobile technology became a part of our everyday life.

Scammers, though, have been evolving in recent years, becoming sophisticated cons who not only target individuals but businesses and organisations as well. The first half of 2020 saw the number of scams in Singapore jump by 140 per cent compared to 2019. More troublingly, a survey by the Home Team Behavioural Sciences Centre found that 45 per cent of scam victims reported being scammed more than once. According to the Singapore Police Force, last year saw a whopping $201 million lost to scammers, much of it online as Singaporeans turned to websites and apps to carry out activities like banking and buying groceries due to the COVID-19 pandemic. Scammers have also begun to target people working from home through robocalls, as well as seniors who are unfamiliar with the Internet.

The rising number of scam victims is testament to the increasing psychological sophistication of scammers’ tactics ­in crafting false proof, impersonating the victim’s close friends and using the victim’s shame about possibly falling for a scam to continue extracting money from them. Romance scammers are especially adept at identifying victims who are lonely, vulnerable and easily manipulated — a group that is increasing in size worldwide, due to COVID-19’s impact on social lives. Ensure your safety and that of others by familiarising yourself with common methods of fraud. Here are the top 10 scams in Singapore (in no particular order):
  • E-COMMERCE
  • SOCIAL MEDIA IMPERSONATION
  • INTERNET LOVE
  • CREDIT-FOR-SEX
  • CHINESE OFFICIALS IMPERSONATION
  • TECH SUPPORT
  • BANKING-RELATED PHISHING
  • NON-BANKING-RELATED PHISHING
  • LOANS
  • INVESTMENT