Cyber Crooks Using Social Media To Gain Trust, Singaporeans Not Immune

A video supposedly captured the late actor Robin Williams saying goodbye before he committed suicide. But to view it, one has to share the clip on Facebook, do a survey or download software.

There was no video. It’s a scam. Meanwhile, the number of times it was shared mounted on Facebook, giving the ploy more legitimacy and widening its appeal.

Social media platforms like Facebook, Instagram and Twitter are increasingly used by cybercriminals to exploit our trust, according to the latest Internet Security Threat Report from Symantec Global Intelligence Network, which was released at the INTERPOL World yesterday.

And Singaporeans are not immune: The Republic is ranked seventh in the Asia-Pacific (including Japan) and 33rd globally for social media scams, according to the report. Topping the ranking globally was the United States.

The report also flagged another area of vulnerability — the use of mobile applications. Of the 6.3 million apps surveyed by Symantec, more than 1 million are classified as malware, and about 2.3 million are “grayware” apps, which do not contain viruses but can be harmful to users, such as by bombarding the user with advertising.

Commenting on the report, Mr Peter Sparkes, Symantec’s senior director of Cyber Security Services for Asia Pacific and Japan, said: “Attackers have stepped up their game by tricking companies into infecting themselves through Trojanised software updates and gaining full access to corporate networks without the need to even make any forced entry.”

Second Minister for Home Affairs S Iswaran, speaking at the opening ceremony of the congress, noted that as the Internet penetration rate — now at more than 40 per cent globally — continues to rise, with networks connecting vehicles, homes and even health devices, the exposure to cyber threats has also grown.

“New cybercrime attack vectors and more points of entry are being introduced, allowing criminals to easily steal personal information for fraudulent activities, or even worse, cripple entire systems simply by targeting one device,” he said.

He pointed out that although mobile phones store a huge amount of personal information, mobile phone security is not widely practiced.

“Our increasing dependence and reliance on technology also means that criminals and terrorists can easily manipulate the information we see on our screens to their advantage,” he said, noting that cybercriminals are also able to intercept wirelessly transmitted information by “man-in-the-middle malware”.

Symantec noted that while emails remain a key means of attack for cybercriminals, they are also experimenting with attacks on mobile devices and social networks to reach out to more people with less effort. For example, they could invite social networks users to join a fake event or group with incentives such as free gift cards, with the intention of getting users to share their credentials, or send a text to a premium rate number.

Meanwhile, more lucrative and aggressive attack methods such as ransomware — a type of malware preventing or limiting users from accessing their system — remain a threat. The number of such cases rose 113 per cent globally last year.

While attackers continue to evolve and persist, businesses and consumers can protect themselves. Mr Sparkes said individual users should not use one password for multiple accounts for security reasons.

For companies, Mr Sparkes said they should educate their users as well as ensure incidence response plans and recovery plans are tested and in place.



Leave a Comment

Your email address will not be published. Required fields are marked *