Stepped-up Measures to Combat Phishing-related Crimes to Enhance Cybersecurity for Individuals

19 Mr Liang Eng Hwa asked the Minister for Home Affairs in view of the recent numbers of phishing scams as stated in the police advisory of 13 November 2023 and the amount of losses involved, whether there are any stepped up measures by the Ministry and the relevant agencies to combat the related crimes and to enhance cybersecurity of individuals.

Mr K Shanmugam: In this recent scam variant, WhatsApp users who were attempting to access their WhatsApp account on their computer had clicked on a fake "WhatsApp Web" phishing website. They had then scanned the QR code in the website via their WhatsApp account on their mobile device. In doing so, they inadvertently granted the scammers access to their WhatsApp account. The scammers then used the compromised WhatsApp account to impersonate the user, and reached out to the user's family and friends, and convinced them to transfer monies to the scammers' bank accounts or PayNow numbers.

To combat this scam variant, the Singapore Police Force (SPF) has been working with Meta to stop further abuse of compromised WhatsApp accounts, as soon as they are detected.

The SPF has also been working with online platforms, including Google, to introduce stronger safeguards to mitigate the risk of fraudulent takeover of online messaging accounts, such as through the pre-emptive detection and blocking of URLs linked to phishing sites.

The Online Criminal Harms Act, which will be progressively operationalised from this quarter, will allow the Government to direct online messaging platforms to disable access to accounts suspected to be involved in scams. The Government can also require designated online service providers to introduce upstream measures to safeguard against the misuse of online accounts.

Ultimately, however, the best defence against scams is a vigilant and discerning public. To this end, the Government has been running campaigns to encourage the public to adopt good cyber practices. For instance, the Cyber Security Agency of Singapore (CSA) recently launched the fifth edition of the National Cybersecurity Campaign, which aims to raise awareness and drive adoption of good cyber practices. The SPF and CSA also work with other agencies on more targeted campaigns, such as the SG Cyber Safe Students Programme, which supports schools in the conduct of cybersecurity lessons.

In addition, the SPF regularly highlights emerging scam variants and the measures that the public can take to protect themselves. Specific to the recent spike in phishing scams involving compromise of WhatsApp accounts, the SPF had issued several advisories which urged members of the public to adopt the three simple steps of "Add", "Check", "Tell".

First, "Add" security features, such as enabling two-step verification on your WhatsApp and other online messaging accounts. Turn on your notification settings to be alerted to changes to linked devices.

Second, "Check" that you are on the official WhatsApp website. Check your "Settings" for unauthorised linked devices and be wary of unusual requests from your contacts whose accounts may be compromised.

Third, "Tell" your family and friends about your scam encounters and report any fraudulent activity to your bank and to the Police immediately.