4 Aug 2023

SOURCE: CPF Board

As the times change, so do the ways scammers operate. To avoid falling prey, the best course of action is to stay up to date with the latest scam tactics while ensuring you are safeguarded against them.

The good news is that where scams are concerned, what the scammers can and cannot do are determined by your actions. This means that you can actually block out their attempts at scamming you, provided you take the right actions and avoid making mistakes that they can take advantage of.

Here are some Do’s and Don’ts to keep yourself safe from being scammed!

Do's

1) Only download and install applications from official app stores

Malware (short for malicious software) refers to intrusive software developed to steal data from or damage the devices they are installed in. It allows the scammer to operate your device without your permission, including sending money to the scammer himself or making transactions without your knowledge.

Such was the case recently where an elderly man was tricked by a scammer into clicking a link that would he believed was taking him to an online order form to purchase cheap seafood. What it actually did, however, was download malware into his phone, allowing the scammer to operate his phone remotely. The scammer then proceeded to withdraw the victim’s CPF savings into the victim’s bank account, before transferring the money into the scammer’s account. This was all done without the victim’s knowledge, consent, and the scammer was able to bypass two factor authentication (2FA) as the malware had allowed full remote access to the victim’s device.

As dangerous as malware can be, it’s important to note that they can only be installed with your permission. This is why scammers need to disguise the malware as other types of non-threatening app in the first place: to make you think you are downloading something else. For instance, the scammer might try to convince you that you’re downloading an app for an online purchase.

To prevent this, it’s imperative that you only download applications from trustworthy sources, like the official app stores where there are teams of people verifying the safety of the apps they carry. You can also check the developer information on the app listing, the number of downloads and user reviews to ensure it is a reputable and legitimate app.

If you fall victim to a malware scam, do not panic. This article can help guide you on what to do in such a scenario.

2) Be cautious with your phone’s accessibility services 

Accessibility services are services on your phone that make an app more accessible. While convenient, these services can also work against you by giving scammers easy access (through the malware) to your device remotely, as seen in the case mentioned above. When the victim tried to restrict access to the unknown app and deleting it after downloading it, he was unsuccessful as the app had already allowed the scammer to control his device. Hence, it is important to change your device’s accessibility services as early as possible, rather than after you download something.

By restricting the apps, including malware, that can have access to your device, you can prevent scammers from remotely controlling your device and accessing your personal information. We have prepared a video that covers some basic pointers:

As an additional precaution, you can disable “Install Unknown App” or “Unknown Sources” in your phone settings. And if you suspect that there is a malware running on your device, you can also switch on the airplane mode to cut off external access.

3) Install anti-virus/anti-malware applications and update your device with the latest security patches

Scammers who use malware primarily rely on the gaps in your device’s antivirus functions or firewall. Security patches are updates that are frequently published by developers to help strengthen the device and fill the gaps.

However, these security updates are not installed automatically. You will have to update yourself, and it is recommended that you do so immediately after an update is released. You should also download security patches from a trustworthy source, as scammers can disguise malware as an important security update!

Anti-virus and anti-malware applications do exactly as their names suggest: they help to keep your devices safe virus and malware. While these applications may not come pre-installed on your device, they help to reinforce existing defences that the device already has, thereby providing an additional layer of protection. For example, such applications will often notify you if you are visiting a non-trusted website or downloading a suspicious app.

Don'ts

1) Keep your passwords on notepad or similar apps

Passwords are an important part of accessing your important accounts, including your email, banking and Singpass accounts. While jotting down all your various passwords in one place makes it easy to find the right password when you forget, it also increases the risk. If all your passwords are kept on one document in your device like notepad or a similar app, should your device be compromised, the scammers will know all your passwords at one go.

To prevent this, it helps not to jot your passwords down on a document. If remembering passwords is difficult, have your passwords based on things that are unique to you. Examples include a special date and location, the name of your old school and so on. Strong passwords are those that have a mixture of symbols, upper and lower case letters, numbers, and are difficult to guess based on your immediate information. You should also use unique passwords for different accounts, as an added precaution!

2) Be tempted by deals that sound too good to be true

Everyone loves a good discount. However, if a deal sounds too good to be true, please think twice.

If someone has a good deal that requires you to click a link or download an app, always approach with caution. If the link or app looks suspicious, do not download. Once you click that link or download the app, there is a big risk that malware will be downloaded onto your device.

3) Be tricked into providing your personal information

In addition to malware, scammers can also use fake websites disguised as legitimate sites to trick you into divulging vital personal information, such as your credit card information and banking credentials. They might tell you there is an error with your account or transaction, thereby requiring your details to resolve it.

Always double check to ensure that the site is legitimate. For example, check the URL to ensure that it is correct. In the case of government organisations, it would have .gov.sg in the URL. If you need more confirmation, you can always call the organisation or bank in question and verify if such a link is authentic, or if such an error has occurred in the first place.

Your information can be just as valuable as your savings, as it serves as the key to access such resources. It is of utmost importance that you stay vigilant and do your part to ensure your information is in safe hands. Remember, if you take the proper actions to safeguard your information, there is nothing the scammers can do to breach your accounts and savings.

For more information, please visit the scam alert site at www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688.

The information provided in this article is accurate as of the date of publication.