⏱︎ 3 mins
In 2025, email spoofing and phishing remain major cybersecurity threats in Singapore. Cybercriminals are increasingly turning to Generative AI to design error-free, convincing emails that impersonate trusted organizations — from banks and government agencies to digital service providers. Singapore authorities are also tightening regulations, issuing deadlines to social media platforms to combat impersonation scams that fuel similar identity-based fraud. These sophisticated social engineering tactics make fake messages look authentic and deceive even cautious users.
To learn more about our courses, contact us today!
Although overall scam cases in Singapore fell by 21.5% in the first half of 2025, losses from phishing-related incidents rose dramatically by 134%, totaling about $30.4 million. This sharp increase underscores the growing financial and psychological impact of AI-driven cybercrime.
Rise of Ransom Demand Scams
The Singapore Cyber Emergency Response Team (SingCERT) has cautioned residents against a wave of ransom demand scams and cryptocurrency extortion attempts. In August alone, 33 reports were made of emails alleging that victims’ devices had been infected with malware that recorded private videos.
Scammers claimed they would release these fabricated videos unless the victims paid a cryptocurrency ransom. These threats are entirely false — no malware or recordings exist. The scammers rely on fear and urgency to push recipients into payment. To make matters worse, many messages appear to come from the victim’s own address, a tactic achieved through email spoofing that fakes the sender’s identity.
Red Flags of an Email Extortion Scam
To help users quickly identify these fraudulent emails, SingCERT advises looking out for the following warning signs:
- Fake Malware Claim – The email falsely states your device is infected and private videos were recorded.
- Cryptocurrency Demand – You’re asked to pay a ransom in Bitcoin or another digital currency.
- Spoofed Email Address – The email may appear to be sent from your own address or a familiar contact.
- Emotional Manipulation – The tone creates panic or shame to pressure you into acting fast.
- Lack of Personalization – The message uses generic language and no real identifying details.
Recognizing these signs early can help individuals avoid panic and prevent financial loss.
How to Stay Protected
Singapore’s cybersecurity authorities recommend practical steps to build digital resilience:
- Ignore and delete any such emails without responding or sending payment.
- Report these incidents to SingCERT via www.csa.gov.sg/cyber-aid.
- Use strong, unique passwords and enable multi-factor authentication (MFA) to secure your accounts.
- Limit exposure by avoiding posting your email address publicly on forums or social media.
A recent Exercise SG Ready phishing simulation across 200 businesses found 17% of over 4,500 employees clicked phishing links (8 points above global averages), with only 5% reporting them — highlighting the urgent need for workplace cyber hygiene training. Through constant awareness and good cyber hygiene practices, Singapore residents can better defend themselves against modern phishing, email spoofing, and cryptocurrency extortion scams.
Key Takeaway
- AI is powering more convincing phishing and spoofing attacks in Singapore.
- Extortion emails demanding cryptocurrency are on the rise but rely entirely on false threats.
- Recognizing red flags such as fake malware claims and spoofed senders is crucial.
- Reporting and preventive action remain the best defense against evolving cyber scams.
(Source: CSA Singapore, The Straits Times, 30 August 2024)
References:
Channel NewsAsia. (2025, March 17). 17% of over 4,500 employees clicked on phishing links during two-week exercise. https://www.channelnewsasia.com/singapore/phishing-emails-links-exercise-sg-ready-employees-5004951
Hogan Lovells. (2025). Singapore issues deadline to social media platform over impersonation scams. https://www.hoganlovells.com/en/publications/singapore-issues-deadline-to-social-media-platform-over-impersonation-scams
Cyber Security Agency of Singapore. (2024, August 30). Advisory on email spoofing and extortion e-mails targeting the public. https://www.csa.gov.sg/
Tan, J. (2024, August 30). ‘You have been hacked’: SingCERT warns of extortion e-mails. The Straits Times. https://www.straitstimes.com/
Discover how you can enhance your skills. Reach out to us for more details!
Get the latest news and insights and stay up-to-date with ITEL