As Singapore heads towards general elections on May 3, it is anticipated that fraudsters — ever active and innovative — would try to exploit this very important development and target the public in various ways. Everything from phishing scams and malware to deepfakes is expected, and the Cyber Security Agency of Singapore (CSA) has asked people to remain alert.
With a surge in deepfakes during the Singapore general elections (GE2025), as reported today, Singaporeans are advised to beware of misinformation in the form of this Artificial Intelligence-enabled technology.
CSA Singapore recently issued an advisory, outlining how the digitalisation of the election campaigning “provides cyber threat actors with more opportunities to attack unsuspecting voters”.
On the subject of deepfakes, this advisory said they could be used “to spread false narratives”. The Agency informed: “Deepfakes refer to multimedia (images, videos, and audio) that are synthetically created or manipulated by AI and can be used to convincingly depict election candidates saying or doing things they never did. They are designed to quickly go viral, creating the illusion of widespread support and impacting public perception, which could then damage the credibility or reputation of the party or candidate.”
Drawing attention to the fact that social networks and video-conferencing apps were now an integral part of election campaigning — and election fundraising — in Singapore, the CSA advisory said: “Threat actors may take advantage of election fervour and incorporate election-based themes in their attacks to increase their chances of success.”
The Agency laid out the ways in which cyber-crime rackets could take advantage of people’s keen interest in the Singapore elections and lure them into scams.
● Phishing scams, one of the commonest types of digital scams, tend to send the targets a text message or an e-mail containing a malicious link that imitates the web link of a legitimate entity. The targeted victim, if he or she clicks on the link, is tricked into giving away financial information that causes a huge monetary loss.
Threat actors may compromise the social media accounts of election candidates and political parties or create fake social media accounts to launch phishing attacks. Phishing attacks can also come as fraudulent e-mails, text messages, and phone calls impersonating election candidates or political parties.
Cyber Security Agency of Singapore
Aside from taking people’s money through fake political donation links, such phishing scams might also be used to spread misinformation and/or manipulate opinions, said CSA.
The Agency said that the use of Artificial Intelligence had made these phishing scams increasingly sophisticated, and even customised for targets. Scammers may be able to identify causes that a targeted victim supports and then send personalised messages to the victim.
“Unsuspecting victims may inadvertently provide sensitive information like passwords and banking credentials or perform financial transactions thinking that they are supporting a legitimate cause,” said CSA.
Also read: Surge in AI videos on Singapore GE2025 raises concerns
● Malware attacks could come disguised as harmless software downloads, with targeted victims asked to download apps for supposedly joining an election campaign conversation.
“When downloaded and installed onto the victim’s device, the malware could potentially allow the threat actor to access and steal data, leading to data breaches or other malicious activities,” said the Agency.
This kind of malware could also come through text messages or e-mails, and downloading an attachment or clicking on a link could expose the user’s device to malware. For instance, said CSA, a simple e-mail about voter registration could lead to unintended malware download.
● Misinformation is yet another form of cyber-crime, one that aims to influence electors by feeding them falsehoods. Analysing all the fraudulent activities under this category, the CSA advisory said: “Manipulation, misinformation or disinformation can significantly impact the integrity and fairness of elections.”
Manipulation refers to unauthorised changes to official documents often done by controlling official accounts of the candidates or parties. Misinformation is the publication of inaccurate information stemming from mistakes or misunderstandings without the intent to deceive. Disinformation is the intentional spread of falsified information to deceive or harm the candidates or parties.
Cyber Security Agency of Singapore
CSA advisory lists cyber-hygiene steps for Singapore voters
● Protection against phishing scams
“When receiving unsolicited e-mails and messages, particularly those asking for sensitive information or financial payments, voters should be vigilant, take a pause and do further checks,” said CSA. Voters and members of public should:
- Closely examine the URL link(s), if any, to check that any link to a website is legitimate before clicking on the link. Verify that the website domains are genuine by cross-checking with the domains used by political party websites.
- Refrain from clicking on URL links in unsolicited e-mails and messages.
- Always verify the authenticity of the information with official websites or sources.
- Rely on verified and reputable news outlets, official government websites, and the Elections Department (ELD) for election information.
- Never disclose any sensitive or financial information such as banking credentials and passwords.
- Report suspicious phishing or scam activity through the ScamShield app.
● Protection against malware scams
CSA said: “Download apps and software only from official sources (e.g. Google Play Store, Apple App Store, Microsoft Store, etc) and pay attention to the security permissions required by the app and/or its privacy policy.
“Be particularly wary of apps that request for unnecessary permissions on your device such as access to your call logs or camera functions that may not be necessary for the proposed function of the app.”
● Protection against disinformation/misinformation
“Always check where the information is coming from and ensure the source is trustworthy,” said CSA. Do the following:
- Only rely on official election websites, trusted news outlets, and verified social media accounts.
- Watch for visual anomalies in deepfakes as these videos can have subtle distortions, like inconsistent lighting, strange facial expression, or unnatural blinks.
- Deepfake videos also often have unnatural audio. Pay attention to mismatched lip-syncing or audio that sounds unnatural.
- Avoid sharing unverified information as it can contribute to spread of inaccurate information.
