Threat Intelligence

Phishing in Singapore: A 49% Surge and What the Data Reveals

Statistical chart showing trends in phishing attack frequency
Phishing attack volume trends. Image: Wikimedia Commons, CC license.

Phishing remains the most prevalent cybersecurity threat facing Singapore. According to the Cyber Security Agency's Singapore Cyber Landscape 2024/2025 report, phishing attempts rose by 49% compared to the previous year. The scale and sophistication of these attacks have made them a focal point for both regulators and organisations across the city-state.

The Anatomy of a Phishing Attack in Singapore

Phishing campaigns in Singapore predominantly target individuals through email, SMS (smishing), and messaging applications. The CSA's data indicates that attackers commonly impersonate:

The most common tactic involves creating near-identical replicas of legitimate login pages. URLs typically differ from authentic domains by one or two characters — a technique known as typosquatting. The CSA has documented cases where phishing domains were registered and deployed within hours of being created, then taken down within 24-48 hours to evade detection.

Why the 49% Increase

Several factors contributed to the documented increase in phishing volume during 2024:

Documented Identification Methods

The CSA's "Better Cyber Safe Than Sorry" campaign outlines specific checks for identifying phishing attempts:

Post-Compromise Response Protocol

For individuals who have entered credentials on a suspected phishing site, the sequence recommended by CSA and the Singapore Police Force is:

  1. Immediately disconnect the device from the internet
  2. Change passwords for the compromised account and any accounts sharing the same password
  3. Enable two-factor authentication (2FA) on all critical accounts — email, banking, and government services
  4. Contact your bank immediately if financial credentials were entered
  5. Check login history across accounts for unauthorized access
  6. Call the ScamShield Helpline at 1799 (24/7) to report the incident
  7. File a police report if financial loss has occurred

SME-Specific Measures

The 2026 best practices for small and medium enterprises documented by industry bodies in Singapore include:

According to CSA data, organisations that conducted regular phishing simulations reported 40% fewer successful credential compromises compared to those without simulation programmes.

Scale of Financial Impact

The Singapore Police Force reported that scam-related losses exceeded S$660 million in 2023, with phishing contributing a substantial portion. While 2024 data is still being compiled, the 49% increase in attempt volume suggests the financial impact has continued to escalate. The banking sector's introduction of the Shared Responsibility Framework in December 2024 redistributes liability between financial institutions, telecommunications companies, and consumers in cases involving phishing.

Content last reviewed: March 28, 2026