Uh oh, the bad guys are starting to use AI to make their cyberattacks more believable

According to the latest security reports from Microsoft and Trend Micro, scams involving the use of AI are on the rise, Unfortunately, Singaporean consumers have a false sense of security around them, with 50% confident in their ability to easily identify scams by looking for grammar or spelling errors, and 70% believing they are safe from text message scams if they avoid clicking on suspicious links.

The difference now is that AI is lowering the barriers to entry for cyberattackers, so that now. Even low-skilled attackers can generate sophisticated scams, ranging from deepfake-driven phishing to AI-generated sham websites mimicking legitimate businesses. 

According to Trend Micro, the growing use of AI in cyberattacks is making deepfakes and sophisticated social engineering scams more convincing and significantly harder to identify. Microsoft further notes that AI drastically reduces the time needed for scammers to create these attacks, from days or weeks to mere minutes. It was anticipated that AI would eventually be incorporated into cyberattacks, and this development is now increasingly evident.

Ashley Millar, Consumer Education Director at Trend Micro, said: 

As cybercriminals adopt AI and other advanced technologies, many consumers remain misinformed about the full extent of the risks they face. Education and vigilance are key—consumers must actively stay informed to prevent falling victim to increasingly sophisticated scams.

Singapore experienced a significant increase in scam losses in 2024, reaching S$1.1 billion, a rise of over 70% from the previous year. This surge occurred partly because Singaporeans tend to underestimate online risks. Specifically, more than 42% believe oversharing is the sole risk, and almost 77% think extortion only happens after sharing explicit content.

Protecting the most vulnerable

When asked how someone could tell if they’d been scammed, Miller replied, “Often, if something feels off, like a deal that’s too good to be true, it probably is. Staying alert means trusting your instincts, being cautious with unsolicited contacts.” 

Microsoft said in a blog post that online shoppers can do the following to protect themselves:

• Don’t let pressure tactics trick you – Don’t be fooled by “limited-time” deals and countdown timers.
• Only click on verified ads – Many scam sites spread through AI-optimised social media ads. Cross-check domain names and reviews before purchasing. 
• Be sceptical of social proof – Scammers can use AI-generated reviews, influencer endorsements, and testimonials to exploit your trust.

On the subject of protecting the elderly, such as your parents, Miller said that protecting your parents starts with open conversations and helping them recognise red flags, such as urgent requests or unfamiliar contacts asking for their personal information, saying, “A bit of awareness, paired with the right digital tools, goes a long way in keeping them safe.”

Other recommendations include:

• Making sure their devices are secured with up-to-date antivirus software, strong passwords, and two-factor authentication. 
• Reviewing the privacy settings on their social accounts and limiting unsolicited contact. 
• Encouraging them to check with you before responding to anything that feels off. 

To combat rising impersonation scams, especially with AI being increasingly used in cyberattacks, Trend Micro suggests a simple yet powerful security measure: establishing a secret word or phrase for emergency verification with family and friends. This code, known only to your inner circle, serves as a crucial identity confirmation tool. Select a memorable but discreet phrase, such as a shared childhood memory or an inside joke, and keep it offline. Practice its use within family communications and reinforce its effectiveness by delaying responses to urgent requests.

“For example, if someone calls claiming to be one of your family members in trouble and is asking you for money, asking them the secret word helps you verify the situation before acting,” Miller explained, “It is important that more families in Singapore start implementing such practices so that they stay scam-aware and scam-ready.” 

You can also install protective measures like Scam Shield from the CSA or ScamCheck from Trend Micro on your iOS or Android smartphones. 

Scammers often target victims through SMS messages or phone calls, so the Singapore Police Force and the National Crime Prevention Council created ScamShield to detect and block these. Note that it can’t directly protect a user’s device if they use WhatsApp, but users can upload a screenshot of a message (received via SMS, WhatsApp, or Telegram) to check if it is likely to be a scam.

Trend Micro’s ScamCheck offers a free 30-day trial, with an opt-in subscription of S$6.99 a month or S$69.99 for 12 months. According to the company, ScamCheck uses AI to detect scams in real time so users can receive instant feedback. For example, one function can scan for AI face-swapping scams during video calls and give users real-time alerts to a potential impersonation attempt.

To help protect consumers from scams, Microsoft has introduced:

• Typo and domain impersonation protection: If using Microsoft Edge, it has website protection that uses deep learning technology to help users avoid fraudulent websites. 
• Digital Fingerprinting: This identifies malicious behaviours and ties them back to specific individuals to help in monitoring and preventing unauthorised access.
• Blocking Full Control Requests: Quick Assist is a tool that enables users to share their Windows or macOS device with another person over a remote connection. However, to initiate it, users need to go over security warnings and check a box acknowledging the security implications of sharing their screen. This adds a layer of helpful “security friction,” by prompting users who may be multi-tasking or preoccupied to pause to complete an authorisation step.

Read more: