Singapore is an excellent place to start a business. Our strong and stable economy, high level of connectivity to the region and beyond, strong government support and competitive corporate tax rates make it ideal to start a company or base a regional hub here.
An unfortunate side effect of Singapore’s vibrant economy is that businesses are increasingly becoming a target for opportunistic scammers.
In the past year, scammers targeted businesses regardless of size and industry, and their methods range from the seemingly harmless to very sophisticated. Earlier this year, the Singapore Police Force, together with United Arab Emirates authorities and INTERPOL, recovered over $300,000 from international scammers who had targeted the staff of a product trading company based in Singapore using a business email compromise (BEC) scam.
Knowing how your business may be scammed is the first step to protecting you and your employees.
#1 Phishing Scams / Business Email Compromise Scams
When a piece of communication, such as an email or an instant message is intentionally designed to appear to come from a legitimate source, that is known as phishing. Phishing scams often take advantage of the trust victims have in the purported sources to obtain valuable personal information.
When it comes to businesses, a particularly insidious type of phishing scam targeting senior executives are known as business email compromise scams.
The Singapore Business Federation (SBF) recently held Singapore’s first coordinated phishing exercise and the results showed that many employees across multiple sectors were highly susceptible to phishing emails.
For two weeks from 15 to 28 February this year, phishing emails pretending to be account and security alerts were sent to over 4,500 employees across five business sectors including Retail, Healthcare and Medical. In the exercise, more than 30% of the emails were opened, and 17% of the recipients clicked on a phishing link. This is 8% higher than the global phishing rate.
Another worrying problem is that only about 5% of the employees reported the phishing attempt – which is lower than the global average reporting rate of 18%.
The findings also showed that the click rate between large companies and SMEs was closely tied. Despite the resource advantage larger companies may have in terms of providing cybersecurity training, it appears that both large and small companies were equally likely to fall for phishing attacks.
Read Also: 8 Things Businesses Can Do To Avoid Malware And Cyber Attacks Holding Your Company To A Ransom
#2 Impersonation Scams
There have been many scams involving impersonating a government official, such as an MAS authority figure, a police inspector, immigration officer or a staff of the courts. According to the Singapore Police Force, it was among the top 5 scam types in Singapore last year.
However, when it comes to businesses, scammers are more likely to impersonate buyers and suppliers. In September last year, the SPF reported that businesses providing IT equipment and accessories were being targeted by scammers.
In such scams, businesses would be contacted by scammers impersonating staff from reputed organisations looking to buy large quantities of IT equipment and accessories at short notice. Knowing the businesses would not have sufficient stock to fulfil the order, the fake buyers would also provide contact details of fake suppliers that the businesses could order from.
Then, using forged screenshots implying full payment to the victim, the fake buyers would con the victim to send money to the fake suppliers. The victim would only realise the scam after checking their accounts and realising that the fake buyer had not made any payments.
Similar impersonation scams targeted the renovation, F&B, retail and service industries earlier in 2024. The modus operandi is similar – fake buyers make a bulk order that the victims cannot fulfil and provide the contact details of fake suppliers that the victims then make full upfront payment to. Once again, the scam is only uncovered when it becomes obvious that no payment was made by the fake buyer.
Another type of impersonation scam businesses may encounter involves impersonating the victim’s colleagues, business partners or suppliers.
Scammers use either spoofed email addresses of the victim’s legitimate contacts, often involving misspelling or subtle differences, to gain their trust. These emails would inform the victim of a change in their bank account numbers, requesting a transfer to a new bank account. Targets of this scam are often those engaged in purchasing decisions or in HR payroll, who are directly responsible for making such crucial changes.
Read Also: Most Common Scams in Singapore In 2024 – How Singaporeans Can Protect Themselves
#3 Digital Manipulation Scams
Perhaps the most sophisticated scam tactic today involves the use of Artificial Intelligence (AI). Deepfakes, the use of AI to edit and generate false content of real people, have been around for almost a decade. In the past two years, as more resources are invested into the technology, the capability to create realistic and believable deepfakes have experienced significant improvement.
Scammers are now using this technology to impersonate high-ranking executives from companies that the victims work for. Upon gaining the trust of the victim, the scammers would then instruct them to transfer large sums from the company’s corporate bank accounts. The scammers would find elaborate ways to keep up the ruse as long as possible, including impersonating other executives and sending forged documents to substantiate the alleged business payment, project financing or investment.
How Can Businesses Protect Themselves From Scams?
Many scams targeting businesses in Singapore are heavily reliant on the implicit trust that employees have in their colleagues and other business contacts.
Businesses should therefore establish protocols and procedures to verify the authenticity of any video calls, messages or emails. This can include regular reminders on cybersecurity as well as constant refreshers on phishing and deepfake techniques.
Employees should also be mindful of any sudden or urgent fund transfer requests, whether it comes from a colleague or a potential buyer or supplier. Always check with the relevant departments and personnel via established communication channels.
Where possible, secure your official work accounts using strong passwords, and enabling Two-Factor Authentication (2FA). This will make it harder for email accounts at work to be hacked and compromised by scammers, who may use it to scam others.
Subscribe To The DollarsAndSense Business Pass
Enjoy what you are reading and want more? Join The DollarsAndSense Business Pass and unlock access to valuable tools, exclusive networking opportunities, and tap into the wisdom of industry experts to fuel your business expansion!
