Author: Eddy K

Reflections from the Global Anti-Scam Summit Asia 2025

Glad to be able attend the Global Anti-Scam Summit Asia 2025 in Singapore. Across two days, one theme stood out clearly: scams are no longer niche or amateur — they are professional, adaptive, and global. Here are some highlights and reflections.

The Scale of the Problem

  • In Singapore, digital crime now outpaces physical crime two to one.
  • On average, each person in Singapore loses US$1,000 to scams.
  • It’s no longer just the elderly — younger people are also being caught out, often by “good deals” (concert tickets, food deliveries, task scams).

The Psychology of Scams

  • Scams are not about how intelligent you are; they are designed for you. 94% of adults try to verify offers, yet billions are still lost.
  • Greed, trust, loneliness, and love are powerful levers — and scammers know how to pull them.
  • The impact goes beyond money: shame, withdrawal, and even self-harm are real consequences.

Technology: Weapon and Shield

  • AI is changing the game. Gone are the days of scam emails full of grammatical mistakes. AI now generates polished messages and can deploy psychological tactics at scale.
  • On the flip side, AI is being used by defenders to detect unusual activity and even “chat” with scammers — keeping them occupied and away from real victims.
  • Scammers also layer apps on legitimate platforms. One example: a translation tool running on top of WhatsApp, making scams seamless across languages.
  • Tools like WormGPT and OnlyFake (fake IDs and documents) show how innovation cuts both ways.

Collaboration and Cat-and-Mouse

  • Speakers broke down scams into a lifecycle: preparation (profiling, phishing kits, AI tools), deception (initiating contact and social engineering), and monetisation (laundering illicit funds). It’s a reminder that scams are structured enterprises, not random one-offs.
  • For years, telcos, banks, and platforms pointed fingers. Now, there’s a push toward collaboration — data sharing, APIs, and initiatives like GASA’s Global Signal Exchange.
  • Singapore’s own approach includes upstream blocking of scam calls/sites, tighter laws, public reporting, and education via ScamShield and the 1799 hotline. (Ironically, scammers are already spoofing calls claiming to be from the scam centre.)
  • It’s clear: there is no 100% tech solution. Trust, vigilance, and human awareness remain essential.

Human Cost and Unseen Victims

  • Behind the headlines are people trafficked into scam compounds, forced to work under duress. This hidden second layer of victims is often forgotten.
  • One exposé revealed a compound in the UAE with 2,000 workers running pig-butchering scams. The sophistication was chilling: real girlfriends on-site, curated social media profiles, even video calls to build trust — all leading victims toward fake investment platforms.
  • Groups like the Luffy crime ring show how organised, ruthless, and adaptable these networks have become.

Where Do We Go From Here?

The summit closed with more questions than answers:

  • How do we balance fraud prevention with user experience?
  • How do we build trust as effectively as scammers do?
  • Who draws the line of responsibility — governments, industry, or us as individuals?

Here at Security Common Sense, we believe awareness starts at home. That’s why we’ve been working on this site for a few years — to help friends and family cut through jargon, spot red flags, and talk about scams openly. If you’ve stumbled across us and find us interesting, share it with your friends and family too.

Also in This Series

This article is part of our reflections from the Global Anti-Scam Summit Asia 2025 (GASS Asia). You can read the full series here:

Together, these articles explore how scams are evolving, how they affect all of us, and what we can do to fight back.

The Future of Scamming

Scammers have always been a part of the global economy, but the rise of technology and the internet has led to an explosion in the number and variety of scams. The most recent trend in scamming is the use of social media and online platforms to target individuals and businesses.

One popular scam is the "phishing" scam, in which scammers send emails or messages that appear to be from a legitimate source (such as a bank or government agency) in order to trick people into giving away personal information or money.

Believe it or not, the few paragraphs above are AI generated. Tools such as ChatGPT allow a user to conduct natural language conversations with software, and the software to respond in a way that on many occasions, pass off as a real human.

Consider 4 years ago, Google highlighted new technology for a digital assistant to make a phone call to a restaurant to make reservations, or to a hairdresser to make an appointment.

Click this link to see it on YouTube.

In the same year 2018 - comedian Jordan Peele produced a deepfake video of President Obama saying things he wouldn't say. Watch it here.

Consider that most scamming and phishing attempts currently received on email or text are poorly formatted, or have spelling mistakes, or bad grammar. In Singapore, the IMDA has gone on a campaign over the past few years educating the public on how callers with a +65 prefix are possibly scam calls. This may cause people to instinctively trust what appear to be legitimate local numbers. Well, the scammers have found a way to call from a non +65 number.

How else can scammers up their game? What if they automated the process using natural language tools and deep-faked voices (or more scarily, deep-faked video)? What if you received an urgent video call from your boss asking you to buy some gift cards? Or from a frantic child saying they have been kidnapped and that her captors are demanding a ransom?

No matter how technology evolves to counter scammers and phishers, the bad actors will always come up with something more sophisticated. Scammers rely on impulsive actions to get what they want. It is up to the individual to be the final line in the defense of their personal information and money.

Some of us are fortunate enough to have corporate training on good cybersecurity hygiene, but continual personal training and practice in critical thinking is the key to keeping safe. Always think of the veracity of the message before you respond.

 

Tip 23: WHAT IF YOU HAVE BEEN VICTIM OF IDENTITY THEFT

What to do:

  • Immediately change all passwords and security/identity questions and responses.
  • Start with the financial services you use first.
  • Use a password manager and never use the same password for 2 sites, or reuse passwords.
  • Contact companies, including banks, where you have accounts as well as credit reporting companies.
  • Cancel and destroy compromised credit cards, apply for new ones.
  • Check to make sure the software on all your systems is up to date.
  • Run a scan to make sure your system is not infected
  • Observe if your system is acting suspiciously.
  • If you find a problem, disconnect your device from the internet and perform a full system restore.
  • File a report with the police if you believe there was a financial crime committed or identity theft.
  • Raise awareness and tell your friends – maybe this will help one of them to avoid this situation.

Why do it?
The objective is to identify and contain the breach, and then prevent future breaches. It is a long process, but you will be stronger for it.

Tip 22: START ON A CLEAN SLATE IF YOUR DEVICE IS COMPROMISED

What to do:

  • Disconnect your computer from the internet
  • Shutdown and remove the hard drive
  • Scan the drive for virus, spyware and malware using another computer
  • Backup your personal files
  • Reinstall your hard drive into your PC, then reformat it.
  • Reinstall the OS and install updates
  • Install anti-virus and anti-malware software and install updates
  • Install your applications and install updates
  • Scan your backups for viruses
  • Restore your backups
  • Make a complete backup of this fresh system

Why do it?
These are the steps needed to “un-zombify” your PC. More research may be needed on your part to find out how to perform some of the steps above according to the type of PC or notebook you have. You could also hire someone to do this for you, preferably someone you trust.

Tip 21: PROPER DISPOSAL OF DEVICES

What to do:
Perform a “Factory Reset” on mobile devices before selling or giving them away. Notebooks and PC’s should be disposed off after the hard drive has been low level formatted, or has some holes drilled into them, or both.

Why do it?
There have been cases of compromising personal information being recovered from disposed devices – anything from names, addresses, banking information and collections of inappropriate content. Mobile devices such as iPhones, iPads and Androids give their owners the facility of performing a factory default reset which deletes all content puts the device into the same configuration as when it left the factory.

PC’s may not have this same facility available. If you can perform a low level format (to get rid of the old data) and do a system restore before giving it away, that is great. Otherwise, the easy way is to pull the hard drive out of the box and drill some holes in it. A sledgehammer would also work and is very therapeutic.

Tip 20: TURN OFF BLUETOOTH

What to do:
Turn off Bluetooth on your device if you’re not using it.

Why do it?
Bluetooth is useful for connecting to speakers, headsets, mouses, and other devices. It can also be an entry vector for unwanted devices and malware.

Keep Bluetooth disabled until you need to connect to a device, this will also reduce drain your battery.

Tip 19: ENCRYPT YOUR DEVICE

What to do:
Enable encryption from your OS (such as Microsoft BitLocker or Apple FileVault) for your PC. Similar settings may be found on iOS and Android mobile devices.

Why do it?
Even if you set a password on your device, attackers can still get access to your private files and documents. They can do this by booting into their own operating system from a special disc or USB flash drive and reading the data from your hard drive.

Tip 18: TURN OFF YOUR PC WHEN NOT IN USE

What to do:
A PC that’s not switched on cannot be hacked into, and if already compromised, cannot be used by the attacker to download info from it, or spend it’s idle time being part of a botnet.

Why do it?
Also, if your main PC is a notebook then turning it off and removing the power plug from it will save your battery from unnecessary charging and performance deterioration.

Regular PC restarts are recommended to allow your Windows (or other operating system) to clean up open files, get rid of temporary files, and update itself.

Tip 17: USE RFID BLOCKERS

What to do:
Use a RFID blocking wallet, purse, bag, or use RFID blocking sleeves to prevent mobile RFID skimming.

Why do it?
Have you seen a person gain access to his office by just touching his wallet to the card reader, or a lady get on the metro by tapping her purse on the ticket gantry? Similarly, a person armed with a mobile RFID reader can skim the data off your credit card in your back pocket or purse.

A RFID blocking wallet, clutch, or individual RFID blocking sleeves can prevent that. I have found that you don’t need to put the cards into the sleeves. Merely having these sleeves slotted into the wallet as the outermost layer will prevent your cards from being read.

Tip 16: COVER UP THE CAMERAS

What to do:
Put some black electrical tape over the camera on your computer notebook/laptop/tablet/mobile phone.

Why do it?
There have been cases where malware on a computer gave an attacker access to the camera, and compromising pictures of the user have been remotely taken.

I currently have tape over my notebook computer and tablet device, but not my phone.
Sure you could buy a fancy one, but tape will do. Just remove for any video conferencing calls you have to make or selfies you have to take, then replace it.

Posts navigation

1 2 3 4
Scroll to top