Advisory On The Importance Of Safeguarding Online Accounts

The Singapore Police Force (SPF) and Cyber Security Agency of Singapore (CSA) would like to remind members of the public on the importance of safeguarding online accounts, including email accounts.

In an increasingly digital society, safeguarding online accounts with strong and secure passwords is more important than ever. As cybercrime and scams continue to rise, individuals face a growing risk of unauthorised access to their personal and financial information. Weak or reused passwords make it easier for cybercriminals to breach accounts, leading to identity theft and financial losses.

Common Techniques Used to Compromise Online Account Credentials

Social Engineering
Cybercriminals may send phishing emails containing urgent or threatening messages impersonating trustworthy organisations such as banks or government officials to lure you into divulging your credentials. Links embedded in these phishing emails may direct you to fake websites mimicking 'reset password' or 'account login' screens. By entering your password on these sites, you may unknowingly give cybercriminals access to your login credentials. Cybercriminals may also trick victims into installing infostealer malware that can harvest account credentials and other sensitive information stored in your device.
Credential Stuffing
Cybercriminals can also obtain stolen credentials from past data breaches of organisations to gain access to your accounts. If you have reused the same password across all your accounts, cybercriminals may be able to access those accounts as well.
Dictionary and Brute Force Attacks
Cybercriminals may conduct dictionary or brute-force attacks to guess your password by checking against ‘password dictionaries’ or lists of commonly used passwords and character combinations. The shorter and less complex your password is, the quicker it is for the cybercriminals to guess the correct combination.
Man-In-The-Middle (MITM) Attacks
Cybercriminals may also intercept communications between you and a website to steal login credentials, without the knowledge of either party in a MITM attack. This may occur through the exploitation of unsecured Wi-Fi networks.

Protecting Your Accounts

Members of the public are advised to adopt the following prevention measures:

Spot the signs of phishing – Beware of unexpected emails and suspicious attachments. In addition, cyber criminals can easily create phishing websites that look similar to legitimate websites. They may also substitute letters in a URL to mislead you into thinking that you are on a legitimate website e.g. www.paypa1.com instead of www.paypal.com.
Use strong and complex passwords/passphrases – It should contain at least 12 characters comprising upper-case and lower-case letters, numbers and symbols. You can also use a passphrase by stringing together five different words that relate to a memory unique to you. Passphrases are more secure due to its length and thus, require more time for cybercriminals to crack. Avoid using passwords which are easy to guess, including your name, NRIC or birth date, and do not reuse passwords across multiple accounts.
Enable Multi-Factor Authentication (MFA) – Enable MFA or Two Factor Authentication (2FA) for your online accounts where possible to provide an additional layer of security to your online accounts.
Use reputable password managers - This can help you to store and manage your passwords for different online accounts. Using a password manager will only require you to remember the master password that unlocks the password manager, eliminating the need to remember multiple passwords for multiple accounts. 2FA should also be enabled as an added layer of security.
Use anti-virus apps – To safeguard your devices from malware infections, use an anti-virus app or software. Set the software to check for updates automatically.
Use secure Wi-Fi networks – Use secured Wi-Fi, such as a known wi-fi that is protected by a password where possible. Look out for ‘https://’ as well as the padlock sign in the address bar, which adds an extra layer of security to your communication with the website. Avoid performing sensitive transactions using public Wi-Fi.

You may check if the credentials to your email account have been compromised in a data breach by visiting the ‘Have I Been Pwned’ website [1] which flags addresses exposed by an online platform data breach. If you believe that your account has been compromised, do the following:

Change your password immediately and enable MFA / 2FA, if available, to secure your account. If you have used the same compromised password for other accounts, those passwords should be reset to prevent unauthorised access.
Contact the platform service provider for assistance if you detect unauthorised transactions or no longer have access to your account.
Perform a full system scan with an updated anti-virus software, if you have clicked on a phishing link or opened an attachment contained in a phishing email.
Report the incident to the relevant authorities and lodge a police report at any Neighbourhood Police Post or online at https://eservices1.police.gov.sg.

If you have any information related to a crime or are in doubt, please call the Police Hotline at 1800-255-0000, or submit a report online at www.police.gov.sg/i-witness. All information will be kept strictly confidential. If you require urgent Police assistance, please dial ‘999’. If you are unsure if something is a scam, call the 24/7 ScamShield Helpline at 1799 or download the ScamShield app to check, detect and block scams. For more information on scams, visit www.scamshield.gov.sg.

[1]: https://haveibeenpwned.com - A free resource to verify if online accounts have been involved in a data breach.

SINGAPORE POLICE FORCE

CYBER SECURITY AGENCY OF SINGAPORE

21 May 2025 @ 8:20 PM