There have been several news reports about Singaporeans losing money to online hackers/scammers. SGD1.4 trillion has been lost to scams globally. Singapore victims lost the most on average. This is a risk we cannot ignore.
I will talk about the habits and practices I adopt to reduce this hacking/scamming risk.
- Ensure smartphone settings are set to minimize security risk
The most dangerous device to be hacked in my possession is my smartphone. I guard my phone with the same level of security as I did for my rifle during National Service today.
If you own an Android phone, this is the most important setting to avoid being hacked and losing money.
Disable the "install unknown apps" option. It will prevent accidental installation of malware which allows scammers to gain access to your bank accounts. This is how you disable the "install unknown apps" option. Go to Settings. Search for "unknown". Then select the appropriate option. Make sure that all apps, especially browsers and messaging apps (WhatsApp, Telegram, SMS) are disabled from installing unknown apps.
This option should be disabled by default but do not assume. Check it out and confirm it has been disabled.
I did this for all my loved ones. Do this for your elderly parents because they are the most vulnerable group.
- Do not install apps that are not from official app stores like Google Play Store (Android phones) or Apple App Store(iOS)
Most of the hacking incidents I read result from users installing an app not from the official app stores.
If you are using an Android phone, do not install any app not from Google Play Store.
If you are using an iPhone, do not install any app not from Apple App Store.
If phone users followed this simple rule, probably 90% of the hacking incidents I read about would not have happened.
- Don't install apps unnecessarily even if they are from the official Google Play store
Less is more when it comes to phone security. The fewer apps installed, the lesser the risk of being hacked.
There is no guarantee that the official app stores can screen off all the apps with malicious intent. Here is a list of criteria I use before installing an app from Google Play Store
- Apps are from large, reputable companies(Google, Microsoft) or government agencies
Obviously, these organizations will not steal your money. - More than 100,000 downloads
If the apps do not meet the first criteria, then they should have at least 100,000 downloads. Most of the apps I have on my phone have more than 1m downloads.The greater the number of downloads, the lower the risk of them being malware.
- use biometric (or fingerprint), not password, authentication
Malware can intercept passwords as you type them but it cannot if you authenticate using your fingerprint.
Whenever I have the option to use fingerprint authentication, I will do so. I will not buy a phone which does not support fingerprint authentication.
- Enable app notifications on banking/financial services
I enable notifications on all financial transactions as much as possible. I go to all the banking, credit card, brokerage, and money-related websites I use and ensure that the settings are made in such a way that the smallest financial transaction will trigger an alert to my phone and/or send an email.
This way, I can take immediate action when a hacker starts stealing my money.
- Switch the phone off or put it into airplane mode when I'm sleeping
If a hacker managed to gain access to the phone, the most likely time to steal is during the victim's sleeping hours. If the hacker tries to steal during the day, the app notifications will alert the victim.
By switching my phone off or putting it into airplane mode, the hacker cannot steal my money while I am sleeping.
- Avoid answering incoming phone calls starting with “+” sign prefix
Most of the incoming phone calls starting with “+” sign prefix are automated calls which are likely scam calls. The moment I hear an automated voice, I hang up the phone.
I do not answer incoming calls from an unknown number unless I am expecting an important phone call.
- Avoid clicking on links in SMS
Clicking on phishing links in SMS can lead to accidental malware installation, if the "install unknown apps" option is not disabled.
I installed the Scam Shield app from Singapore Police Force to reduce the incidents of scam calls and scam SMSes.
- Scan phone, PC/laptop at least once weekly for virus/malware
I set a calendar event to remind myself to scan for viruses/malwares on my phone and computers to do this at a specified time each week. I try to do this with discipline without fail so that in time, it becomes an ingrained habit.
Please share these practices around if you think they make sense and are helpful.