Tan Kok Liang? Beware of scams and malware during PE2023

SINGAPORE — Voters are urged to watch out for scams and cyber attacks that attempt to trick them into downloading malware, the Cyber Security Agency of Singapore (CSA) said in an advisory as campaigning for the presidential election kicked off on Tuesday (Aug 22).

Such threats could surface with the use of digital means for election campaigning, such as online rallies and social media, said CSA in a statement.

Threat actors could create fake social media accounts or circulate fake websites that mimic the content of official campaign websites to carry out phishing or social engineering attacks.

CSA said: "During such attacks, unsuspecting victims may inadvertently provide sensitive information or perform financial transactions at the behest of the threat actor impersonating the election candidate or political party as a gesture of support."

Fraudsters may also try to trick members of the public into downloading malware masquerading as legitimate software used during the election campaign.

Such software may include video conferencing apps that election candidates or political parties use to conduct their campaigning, said the agency.

By installing these apps, fraudsters could be granted unauthorised access to a device and conduct malicious activities.

Users should download apps from only official sources and pay attention to the security permissions required by the app - such as asking for permissions that are unnecessary to the app's function.

Users should also be wary of e-mails and messages that ask for sensitive information and financial transactions.

CSA added: "This stance should not change even if the purported sender of the e-mail or message is from an election candidate or political party."

It urged users to closely examine the URL links to check if the site is legitimate, refrain from clicking on links in unsolicited messages, and not to disclose sensitive information.

The agency has not received any reports of such scams.

CSA said: "It is crucial for voters and other members of the public to exercise discernment when encountering information requests on social media platforms, messaging platforms and websites during the election period.

"By being vigilant and critically assessing the information received, you can safeguard yourself from potential monetary losses and protect your devices from malware infection."

The advisory was released shorty after presidential candidates Ng Kok Song, Tharman Shanmugaratnam and Tan Kin Lian were officially confirmed at the nomination centre at the People's Association headquarters in Jalan Besar on Tuesday afternoon.

The three men, who are vying to become Singapore's ninth president, can campaign till Aug 30, with a Cooling-off Day on Aug 31 and Polling Day on Sept 1.

The candidates run their own campaign website and social media accounts with followers numbering from a few thousand to a hundred thousand.

In screenshots seen by The Straits Times, Mr Tan's followers were alerted in a Telegram channel to a fraudulent page mimicking his campaign donation site, with a QR code to collect donations.

Mr Tan said on his campaign website, tklcloud.com, that donations are welcome and can be transferred to a PayNow contact number which has his name "Tan Kin Lian" indicated next to it. He added that the donations will be reported as a total.

A similar message was used in the fake campaign page, with a QR code for donations and a PayNow contact belonging to one "Tan Kok Liang".

ALSO READ: 3 presidential candidates confirmed; Singaporeans will head to polls

This article was first published in The Straits Times. Permission required for reproduction.