Are we doing enough to fight scams?

Another day, another headline about the ongoing scam situation. Earlier this week, broadsheets in Singapore reported that the scam situation has increased by 16.3 per cent.

Specifically, victims have lost about S$385.6 million in the first half of 2024. At this rate, scam losses could exceed S$770 million, surpassing the record S$660.7 million lost in 2022.

How did things get so bad? Why can't we seem to do something about it?

A thriving crime marketplace

There is no denying that the situation looks dire, particularly given the efforts the Singapore government has already made to combat scams. While it's easy to cast the blame on gullible victims or on the government for not doing enough, the reality is that today's scammers are extremely sophisticated and supported by a thriving crime marketplace.

Over the past year, I've had opportunity to interview a former senior cybercrime law enforcement agent and various security experts on this topic. When it comes to cybercrime and scams, there is a vast arsenal of digital kits for sale, information brokers, as-a-service providers, and many other black hat service providers.

Let's talk about phishing kits. There are tools that allow scammers to quickly acquire new Internet domains and set up new websites designed to harvest credit card details from victims at the click of a button. This means that government efforts to interdict and close down fraudulent domains feel like a game of whack-a-mole.

The limits of user education

Perhaps scams could be eradicated if users were savvier, or we provided more user education, goes one school of thought. Unfortunately, things don't work that way. Human nature is a weak link that defies easy fixing through education or any one method.

At a GovWare Focus event held in July, a cybersecurity leader of a Singapore healthcare organisation shared how extensive phishing education substantially reduced the number of "clicks" by users falling for phishing emails.

Yet far too many are still fooled by phishing emails despite his team's best efforts: "A sophisticated attacker will always find a way to get through. And that's something that my internal red team could do – they always found a way to get through."

This is an after a massive, sustained educational effort, in a professional environment that can compel employees to pay attention. Despite this, employees from the cybersecurity team had always managed to get through. It is sobering indeed.

What can we do?

Scams are a social menace of our era. They are not a static problem but one that is evolving rapidly, driven by vast profits that have created a massive supporting ecosystem. The bad guys are innovating quickly, supported by modern slavery, social media platforms, and new generative AI tools.

There is a silver lining, though. For instance, there has been a drop in malware-enabled scams, which fell by 86.2 per cent to just 95 cases in the first half of 2024, or from SG$9.1 million lost to SG$295,000 in 2024.

On the one hand, it shows cybercriminals shifting strategies from malware to other, more lucrative methods. On the other hand, it indicates that efforts by the Singapore government on malware scams have made a difference.

For now, we need to continue educating users while working to strengthen anti-scam legislation. Greater collaboration is vital: Financial institutions should work with social media platforms, police should work with banks to quickly freeze suspiciously bank accounts, and cross border police collaboration is essential to tackle the increasingly sophisticated web of scams.

We cannot rest on our laurels or give up. Like traditional policing had kept our societies safe, we must do our upmost protect the weak and vulnerable from falling prey to evolving scams in online spaces.