The 2022 Singapore User Risk Report found that only 44% of respondents can identify fraudulent calls. This makes the use of voice communications more attractive to cyber criminals, which could account for why more than 3 in 4 professionals receive scam calls, text and emails at least once a week.
The study draws from data collected on the Ipsos DIY digital platform and centres around the observations and habits of 600 working adults in Singapore. It found that the most common theme used by attackers was health-related. 76% of fraudulent emails in Singapore used Covid-related scams, followed by banking-related scams (75%) with logistics/delivery-related scams (45%) in second and third place respectively.
“Organisations in Singapore have invested hundreds of millions of dollars in cybersecurity, and work hard to keep up with changing regulations,” said Jennifer Cheng, cyber strategist, Asia Pacific and Japan at Proofpoint.
“Despite these efforts, some of the best-known brands have succumbed to phishing attacks. This proves just how critical the human factor continues to be since cybercriminals are always looking for relationships that can be leveraged, trust that can be abused and access that can be exploited.”
Jennifer Cheng
Key findings
49% of Singaporean employees work remotely, blurring the lines between personal and professional life and expanding attack surfaces massively. The Proofpoint 2022 State of the Phish Report noted that 54% of employees globally use their personal phones for work purposes.
47% of working Singaporeans either do not know how to – or are unaware that – they are able to verify links from cloud service providers. Microsoft OneDrive and Google Drive are the most common legitimate cloud infrastructure platforms used by threat actors. Proofpoint’s annual Human Factor Report, revealed that in 2021, 35% of cloud tenants that received a suspicious log-in also experienced suspicious file activity after the breach, revealing that privilege-based risk widens as organisations move to the cloud.
A staggering 66% of managing directors and 75% of regional leaders are likely or very likely to share OTPs (one-time passwords) via email or messaging services if they think the person asking for it is a friend, acquaintance, or colleague. The Human Factor Report revealed that high-privileged users are disproportionately targeted. Managers and executives make up only 10% of overall users within organisations, but almost 50% of the most severe attack risk.
Attackers thrive on anxiety and lack of awareness. The top 5 themes used by cyber criminals were Covid-related (76%), banking related (75%), logistics related (45%), telco related (37%) and finances related (29%).
