Common Business Scams in Singapore

- Phishing Scams/Business Email Compromise:
- Emails or messages designed to appear legitimate to obtain valuable information
- Singapore’s first coordinated phishing exercise revealed:
- 30% of test phishing emails were opened
- 17% of recipients clicked phishing links (8% higher than the global average)
- Only 5% of employees reported the phishing attempts (lower than the global 18% average)
- Both large companies and SMEs were equally vulnerable despite resource differences
- Impersonation Scams:
- Scammers primarily impersonate buyers and suppliers rather than government officials
- Common tactics include:
- Ordering large quantities of products at short notice
- Providing contact details of fake suppliers
- Using forged payment screenshots while actually making no payments
- Impersonating colleagues/partners to request bank account changes for transfers
- Digital Manipulation Scams:
- Using AI-generated deepfakes to impersonate high-ranking executives
- Instructing victims to transfer large sums from corporate accounts
- Supporting the scam with forged documents for alleged business payments or investments

Protection Recommendations:
- Establish protocols to verify the authenticity of communications
- Provide regular cybersecurity reminders and training
- Be cautious of urgent fund transfer requests
- Verify requests through established communication channels
- Secure work accounts with strong passwords and two-factor authentication
The article notes that Singapore’s vibrant economy makes businesses attractive targets for scammers, with companies of all sizes and industries being affected. Earlier this year, Singapore authorities recovered over $300,000 from international scammers who had targeted a Singapore-based company.

Common Business Scams in Singapore
- Phishing Scams/Business Email Compromise:
- Emails or messages designed to appear legitimate to obtain valuable information
- Singapore’s first coordinated phishing exercise revealed:
- 30% of test phishing emails were opened
- 17% of recipients clicked phishing links (8% higher than the global average)
- Only 5% of employees reported the phishing attempts (lower than the global 18% average)
- Both large companies and SMEs were equally vulnerable despite resource differences

- Impersonation Scams:
- Scammers primarily impersonate buyers and suppliers rather than government officials
- Common tactics include:
- Ordering large quantities of products at short notice
- Providing contact details of fake suppliers
- Using forged payment screenshots while actually making no payments
- Impersonating colleagues/partners to request bank account changes for transfers
- Digital Manipulation Scams:
- Using AI-generated deepfakes to impersonate high-ranking executives
- Instructing victims to transfer large sums from corporate accounts
- Supporting the scam with forged documents for alleged business payments or investments

Protection Recommendations:
- Establish protocols to verify the authenticity of communications
- Provide regular cybersecurity reminders and training
- Be cautious of urgent fund transfer requests
- Verify requests through established communication channels
- Secure work accounts with strong passwords and two-factor authentication

The article notes that Singapore’s vibrant economy makes businesses attractive targets for scammers, with companies of all sizes and industries being affected. Earlier this year, Singapore authorities recovered over $300,000 from international scammers who had targeted a Singapore-based company.
In a troubling tale of deception, a business owner was ensnared by a group of scammers who expertly coaxed her into approving transactions that ultimately emptied her personal and company bank accounts.

On February 11, a 37-year-old woman from Singapore became the target of an intricate phone scam that would result in a staggering loss of over S$1.14 million within just four hours. The scheme began with an innocuous-sounding call from individuals posing as officials from NTUC and the Monetary Authority of Singapore (MAS), who managed to gain remote access to her banking details. What initially presented as a routine request to renew an insurance policy quickly spiralled into a comprehensive heist, employing clever manipulation of fingerprint authentication and remote control over her phone.
This incident underscores a disturbing trend in the increasing sophistication of scams, where fraudsters are honing their skills in social engineering to trick unsuspecting victims into relinquishing their banking access. With reports indicating that Singaporeans lost more than S$1.1 billion to scams in the previous year alone, authorities remain vigilant, issuing warnings about the persistent threat of financial fraud targeting both individual and business assets.

The Trouble Begins with a Deceptive Call
Around 3 PM on that fateful day, Ms. Wang (a transliteration of her name) answered a phone call from someone claiming to be an employee of NTUC. The caller informed her that her insurance policy was nearing its expiration and required a renewal payment of S$19,200. Having been a member of NTUC in the past, Wang felt reassured by the call and dismissed any thoughts of potential fraud.
However, when she hesitated to proceed with the renewal, she received another call from someone who claimed to be an “NTUC manager.” This person applied pressure, insisting that she must cancel the policy through her bank before 4 PM; otherwise, the amount would be automatically deducted from her account. Feeling cornered by this urgency, Wang reluctantly logged into her bank accounts, unwittingly setting in motion the next phase of the elaborate scam.
The MAS Impersonator’s Sinister Scheme
As the clock ticked toward 5 PM, a scammer masquerading as a representative from MAS initiated a video call with Wang. Dressed in what appeared to be official attire, complete with a staff ID, this imposter reassured her that her data had been compromised and emphasised the urgent need to cancel the fraudulent insurance policy through a secure method. Instructing her to authenticate a one-time password (OTP) via fingerprint, Wang unknowingly granted them access to her sensitive banking credentials.
While the call persisted, hackers were manipulating her phone remotely, steering the operation from behind the scenes as they executed their malicious plan. This dark tale serves as a stark reminder of how skilled scammers have become at exploiting trust and using fear tactics to exploit innocent individuals for their gain.

As the conversation progressed, unbeknownst to Wang, a group of hackers had gained remote access to her phone, siphoning off money from both her personal and business bank accounts. At that moment, she remained blissfully unaware that significant transactions were being executed without her consent.
It was around 7 PM when the scammer, seemingly nonchalant, disclosed that funds were being transferred but assured her that they would be refunded within a day. This casual remark raised red flags for Wang, prompting her to check her bank accounts immediately. To her dismay, she found herself locked out of her company’s online banking portal.
In a state of panic, she soon uncovered the devastating truth: a staggering S$1,143,390 had vanished in 22 separate transactions, each ranging from S$30,000 to S$78,000. The impact was not confined to her business finances; her accounts had also been ravaged. The funds that had been earmarked for her mother—S$18,500—were gone, along with S$6,450 from her children’s savings and a significant S$175,000 from her reserves. The company account, once brimming with capital essential for operations, was reduced to a mere S$5, while her balance dwindled to an alarming S$5.

In shock and disbelief over the financial catastrophe that had unfolded, Wang and her husband hurriedly filed a police report that very evening. Although investigations were underway, the likelihood of recovering their lost assets seemed grim.
To compound their distress, they faced an additional setback when their company’s GST GIRO deduction failed in February due to the lack of sufficient funds. This misstep incurred a 5% penalty from tax authorities, further tightening the noose on their already struggling ventilation equipment business, which they had diligently operated since 2018.
The rapid advancement of scam techniques in Singapore has revealed a troubling trend: fraudsters are increasingly adept at manipulating victims’ trust by masquerading as legitimate entities like NTUC and MAS. Armed with remote access to phones, the ability to manipulate one-time passwords (OTPs), and sophisticated social engineering strategies, these criminals have found ways to circumvent even the most robust security protocols. In light of these developments, authorities continue to stress the importance of vigilance and caution against engaging with unsolicited calls regarding financial matters.

Maxthon
To safeguard your smartphone effectively, the first step is to download and install the Maxthon Security application. Begin by accessing your device’s app store and searching for Maxthon Security. Once you find it, proceed with the download. After installation is complete, open the app to enhance your phone’s security measures. Upon launching the application, you’ll be prompted to set up a strong password or PIN. It’s crucial to select one that incorporates a mix of letters, numbers, and symbols for better protection. After confirming your choice, you’ll be ready to move on.

If your smartphone supports biometric features such as fingerprint scanning or facial recognition, go to the app settings and activate this option. This adds a layer of defence against unauthorised access attempts. The next step involves enabling real-time protection; locate and turn on this feature within Maxthon Security’s settings menu. It actively monitors potential threats and sends immediate alerts if any suspicious activities are detected.
The Maxthon Security app must be updated regularly to maintain high-security standards. You can enable automatic updates in your device settings so that you always benefit from the latest security enhancements designed to counter newly identified vulnerabilities. Maxthon browser Windows 11 support
Another critical action is performing a comprehensive scan of your device using the app’s scanning functionality. This will thoroughly examine your smartphone for malware or other cyber threats. Follow any prompts provided by the app to resolve any issues discovered during this scan without delay.
Moreover, take time to manage application permissions on your device thoughtfully. Review all installed apps and adjust their permissions through Maxthon Security and your phone’s settings interface. Do not grant access to sensitive information unless necessary.
Data backups should also not be overlooked. Regularly backing up essential files is vital for recovery in case data loss or breaches occur. Use cloud storage solutions or external drives for these backups, and ensure they are encrypted for added safety.
Lastly, make it a priority to educate yourself about best practices in mobile security; staying informed will empower you to protect not only your device but also the personal information stored within it.