Singapore needs layered strategy against fraud
Scam and cybercrime cases in the city-state rose 18% to 28,751 in the first half.
Fraud prevention is not a one-size-fits-all approach, and detection technology must evolve to counter emerging threats and sophisticated scam methods, an anti-fraud and identity expert said.
Thanh Tai Vo, director of fraud and identity for Asia Pacific at LexisNexis Risk Solutions, said fraud has advanced in Singapore due to the increasing use of new payment methods and digital channels.
Scam and cybercrime cases in Singapore rose 18% to 28,751 in the first half from a year earlier, according to a report by the Singapore Police Force. The average amount lost per scam increased 7.1% to $10,819 (S$14,503), with 59.8% of all cases involving losses of $1,492 (S$2,000) or less.
E-commerce scams were the most common, with 7,250 cases and total losses worth $6.4m (S$8.6m). Job scams followed with 3,330 cases, and phishing scams with 3,447 cases.
Most e-commerce scam victims were 30 to 49 years old, accounting for 44.3% of victims. The most common platforms where e-commerce scams happened included Facebook, Carousell and Telegram.
A particularly alarming trend, Vo said, is the rise of authorised push payment scams, where victims are manipulated into moving funds to fraudsters posing as legitimate payees. These scams made up 86% of total cases in Singapore, with most incidents involving self-initiated transfers prompted by deception or social engineering.
Vo also pointed to the growing threat of deepfakes and artificial intelligence (AI)-related scams, which have become more convincing.
Singapore showed higher susceptibility to deepfakes, with 56% of businesses having encountered audio deepfakes, placing the country above the global average, according to Regula, which develops forensic devices and identity verification solutions.
“Nonetheless, it is crucial to remember that humans or bots still execute these scams, and in doing so, exhibit risk signals, particularly when an anti-fraud system flags a transaction, device or identity as high risk,” Vo said.
Fraudsters also use advanced technologies such as facial recognition to exploit victims, complicating fraud detection efforts, he added.
Vo cited the need to adopt a multi-layered fraud prevention approach that includes digital intelligence, behavioural analysis, and looking at destination funds.
Digital intelligence involves analysing anomalies around devices, email addresses, phone numbers, locations, and internet addresses, alongside users’ historical behaviour, Vo said.
Meanwhile, behavioural analysis focuses on how users interact online and with devices, identifying changes in user behaviour that may indicate stress or coercion, such as when victims are tricked into transferring funds.
One should also assess the risk associated with the destination of funds because recipients may have already been flagged as money mules or fraudulent accounts.
“By implementing these comprehensive security layers, companies can more effectively anticipate and mitigate risks associated with deepfake technology and other AI-based scams,” Vo said.
In July, the Monetary Authority of Singapore partnered with the Association of Banks in Singapore a plan to phase out one-time passwords for account logins by customers who use digital tokens, enhancing protection against phishing attacks.
The central bank has also assigned duties to financial institutions and telecommunication companies in the fight against phishing. Consumers are also entitled to payouts in case of corporate negligence, based on the rules that will take effect on 16 December.