Stay cyber savvy: Latest dangers & scams in the digital world

While we’re lucky to live in one of the safest countries in the world, none of us can escape the fast-moving, increasingly sophisticated world of cybercrime. In Singapore, as everywhere, online threats are constantly evolving, which means staying savvy, alert, and ahead of the latest scams and safety precautions is more important than ever. Thankfully, there are experts like Troy Hunt (troyhunt.com), who has his finger firmly on the pulse of digital mischief. An Australian International School (AIS) alumnus who grew up on the red dot, Troy is a software developer and security researcher with more than 30 years of experience in tech. In 2013, he launched the data breach notification service “Have I Been Pwned”, which helps people discover if their personal information has been exposed online. For anyone who doesn’t know what pwned means, never updates their passwords, or still thinks cyber crime only happens to other people (i.e all of us!), read on.

Going into cybersecurity was a forward-thinking move!
I finished secondary school at AIS and then went to Griffith University on the Gold Coast, right as the .com industry was taking off. The timing worked in my favour. “Have I Been Pwned” indexes data from cybercriminals, security researchers, and law enforcement agencies like the FBI and Europol, so people can see if their information has been exposed. “Pwned” is a word from gamer culture – if you were to shoot the opponent, you might say, “You’re pwned.” The origin comes from a typo: someone mistyped owned as pwned, and it was a term that stuck. As the criminal ecosystem online keeps growing, and with more of our lives moving online, the risks just keep multiplying.

What are the major risks in cybercrime today?
There are so many ways criminals can access information. Your email address is out there because it’s been leaked somewhere. You might have left it thinking you were entering a competition or winning a cruise, but it was really a service to harvest your data. Massive email lists float around that scammers use to fish for personal data. Phishing, for example, is often a very indiscriminate, shotgun approach: “Let’s just send 100 million emails, and if we get 0.1% of people to give some personal data, that’s enough.” All of us are vulnerable that way.

So attacks are not personal?
Cybercriminals are out to get everyone. Romance scams are a good example. Many originated in places like Nigeria. A large amount of emails will be sent out pretending to be a lonely person looking for a connection. A few people bite, and then those individuals are targeted more specifically. But it usually starts very broad.

How does this fraud actually work?
Malware is still a big thing – infecting a computer, capturing credentials, and selling them on underground forums. Extortion is another major issue – even if you haven’t done anything wrong, emails might claim that you have. Anything from not paying a toll gate fine to “we caught you watching inappropriate content on your computer, and we have photos of you.” Many people freak out enough to make payments. In Australia, cybercrime results in about $3 billion a year in financial fraud. Everyone has some net wealth, and there are opportunities for fraudulent tax returns, early superannuation withdrawals, or other schemes. There are many variations of crime, and unfortunately, some people fall victim.

Who’s behind these crimes?
The wild thing is that a lot of scammers themselves are victims. In places like Myanmar, people are enticed by organised crime gangs with work, then held hostage and forced to execute online scams in a cyber compound. Offers of work lure people, passports are taken, and they’re kept hostage, sometimes physically abused. You’ve probably had calls pretending to be your bank, telco, or Microsoft. Those callers could be people who’ve been scammed themselves, now trying to scam others.

How can we even start to protect ourselves?
The biggest issue is people reusing passwords, leading to account takeovers and potential loss of sensitive information or money. Passwords are one security paradigm that all of us struggle with. We all have lots of them and have probably done a terrible job of managing them. One big misunderstanding is that passwords need to be remembered. We’re past that point now – we have too many accounts. If you reuse a password, as soon as one gets compromised, someone has the keys to all your other accounts. Unique passwords are absolutely fundamental to personal cybersecurity.

“The biggest issue is people reusing passwords, leading to account takeovers”

What to do?
To have unique passwords across 100+ accounts you need a password manager. There are password managers built into iOS and browsers, and dedicated products too. They create genuinely random passwords, store them securely, and fill them in automatically when you log in.

Can you explain how cybercrime is being tackled globally?
Cybercrime isn’t bound by geography. Criminals can operate anywhere in the world, often from regions not as cooperative as Singapore or Australia. Law enforcement like Europol conducts takedowns of criminal ecosystems, botnets, and ransomware campaigns, but it’s complicated when offenders are overseas. Many government programmes focus on prevention, helping teenagers and young adults to avoid cybercrime.

“Pwned” is a gaming term, which is a big pastime for children everywhere …
This concern has gained a large amount of traction, especially around Roblox, the massively popular gaming platform where kids build and share their own games. Gaming, unlike when I was at school playing Doom, is now social and online with people from all over the world. It’s great for connection, but it also exposes kids to manipulation from older players or adults looking to take advantage.

What can parents do?
My wife and I encourage our 13 and 16-year-olds to use devices in the living room. Being present helps start conversations. You can’t isolate or block everything; parents must be part of the discussion. We actively involve our kids in scams. When I get a scam call, I let the kids talk to the scammer. A long pause, an unusual accent, and generic instructions like, “Press one for PayPal” are a clear scam and becomes a teaching moment. We make it a challenge: how long can the kids keep the scammer on the line, what are they trying to get?

Are there new ways to ensure devices are safe for children?
Modern operating systems have built-in parental controls. We set our kids up in a family group on Apple devices. Controls manage purchases, flag nudity, and help monitor activity. Use native controls – Apple, Google, Microsoft all have them. Avoid third-party tools that capture photos, voice messages, or activate cameras and microphones. Most have “spy” in the name which is a giveaway. A healthy distrust of everything online is a good starting point.

How about protection against cyberbullying and online interactions?
Perpetrators seek shock value, often with racial, sexist, or offensive content. Kids being bullied are generally well-behaved in real life, but anonymity brings out the worst. Social media has huge benefits for children; it’s part of growing up, but guidance should be tailored by family.

What should parents watch for?
Your child spending a lot of time alone on devices isn’t necessarily a concern, but very late hours, becoming withdrawn from normal social interactions, or suddenly having money from unexplained sources are red flags.

Fast forward 10 years – will we be safer online?
The online world will just be different. AI will be a major issue, making it harder to know what’s real. But AI can also detect anomalies, like business email compromise, where emails appear legitimate but aren’t. AI helps identify threats humans might miss.

How Singapore Stays Cyber Safe
In December 2025, the Commercial Affairs Department of Singapore Defence Force said police believed 143 people were involved in over 400 scam cases with losses of almost $4m, mainly involving e-commerce, friend impersonation, job, government official impersonation, investment, and rental scams. From 30 December 2025, scammers and scam syndicate members or recruiters face mandatory caning of at least six strokes, up to 24, while scam mules who launder proceeds or provide SIM cards and Singpass credentials may receive discretionary caning of up to 12 strokes.

How SG Stays Cyber Safe: straitstimes.com