Southeast Asia’s digital decade is upon us. Along with numerous benefits, innovation, and potential, this new era has also brought an increase in scams for consumers and businesses alike.

In fact, the Singapore Police Force announced that scam victims lost $660.7 million in 2022, an increase of 4 percent from 2021. More than 53 percent of Singapore’s scam victims are individuals between the ages of 20 and 39 years old since this group spends the most amount of time online.

As digital services and solutions continue to intertwine with all aspects of life and business, these scams will only become more sophisticated and harder to crack down on. So how can businesses better equip themselves to stay one step ahead of increasing fraud?

The rise of modern-day scams

From Shangri-La to Singtel, Carousell to Starbucks the nation continues to remain vulnerable to major attacks. To effectively protect themselves, businesses must first have an understanding of the prevalent and growing types of scams in Singapore.

In 2022, phishing, e-commerce, and investment scams were the most common. Notably, e-commerce scams have consistently been among the most prevalent for the past four consecutive years as a result of the increasing pace of digitalization in Singapore – greatly expanding the attack surface.

First-time and established businesses have found it harder to prevent fraud due to the increased complexities of the types and volume of attacks as digital adoption continues to pick up.

Additionally, with a multitude of user accounts created daily, it comes as no surprise that scammers are harnessing social engineering techniques to easily impersonate individuals or entities to obtain their account information.

How can we bridge this gap?

The scam antidote


When it comes to tackling fraud prevention, education needs to be the top priority. Outside of technology, there is an element of human error and the risk that comes with it. Businesses need to better educate their workforce on cyber hygiene and implement processes and procedures that best reduce the risk of these attacks. With a strong understanding of cyber risk and the part they play in minimizing it, employees become an asset in the fight against scams.

Effective employee education does not have a one size fits all approach. It requires tailoring the approach to different teams and their roles and responsibilities. For example, a sales team may need to focus more closely on how to identify untrustworthy emails, while programming and tech support-focused team members may need to keep an eye out for potential misconfigurations of applications that could lead to a cyberattack occurring.

In addition to a tailored approach, organizations need to ensure that all employees are trained to identify malicious emails, URLs, and attachments sent to their corporate and personal inboxes. It is an organization’s responsibility to make sure that their employees are educated on the latest attack tactics and participate in frequent training to understand the implications of attacks as well as their role in safeguarding themselves and the company’s security ecosystem.

A zero trust approach

Zero Trust should be embedded into the core of each business and leaders need to set a security-first mindset while putting the right framework in place to limit fraud. Zero Trust is built on the principle that no person or device inside or outside of an organization’s network should be granted access to connect to systems until authenticated and verified.

For leaders this means that their top priority must be incorporating Zero Trust into their overall cybersecurity approach. User access must be granted and re-authorized constantly from as many different data points as possible to minimize unauthorized access and breaches. As part of this Zero Trust architecture, businesses must leverage artificial intelligence (AI) to safeguard this user access. This helps organizations stop attackers at the front door and avoid entry into their applications and networks.

The time for passwordless is now

Passwords are the weakest point of entry for attackers. Phishing, malware, ransomware, and credential-based attacks are targeting passwords more than ever before, making them the most vulnerable part of digital identity to protect. In fact, the 2022 ForgeRock Consumer Identity Breach Report found unauthorized access accounted for half of all data breaches in 2021 due to weak passwords, shared credentials, or compromised accounts. Additionally, Forrester found that the typical cost of a single password reset is $70-$100, with the average large enterprise allocating over $1 million annually to password-related support costs.

Passwordless authentication replaces traditional passwords with a more user-friendly, secure possession – and can take the form of tokens, certificates, authenticator apps, or biometrics. These can be combined with passwordless multifactor authentication (MFA) to offer the highest level of user authentication security.

With a passwordless approach, businesses in Singapore can better navigate the growing number of attacks, improve user experience and rising operational inefficiencies, while also saving costs from rising password resets. This diminishes the risk of relying wholly on login credentials which is quickly becoming a thing of the past.

Ultimately, the solution to fraud prevention lies in the balance of a business’s employees, processes, and technology efforts. As Singapore continues to accelerate through the digital decade, it will remain crucial for businesses to equip themselves with the right tools and knowledge to combat the growing threat of scams and remain protected. Together, continued employee education, a Zero Trust approach, and adopting passwordless authentication will ensure that businesses have the right measures in place to navigate and thrive in the digital age.

David Hope is Senior Vice President, Asia Pacific & Japan at ForgeRock.

TechNode Global INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.

Don’t let automation relegate you to the role of “human router”