GE2025: CSA urges vigilance against scams and misinformation during election period
The Cyber Security Agency of Singapore warned against several potential cyber threats, including phishing, scams and disinformation.
File photo of a simulated ballot box at Elections Department Singapore. (Photo: CNA/Syamil Sapari)
This audio is generated by an AI tool.
SINGAPORE: The Cyber Security Agency of Singapore (CSA) on Tuesday (Apr 15) cautioned voters on the need for vigilance against cyber threats amid the upcoming General Election.
Singapore's parliament was dissolved on Tuesday afternoon, with voters heading to the polls on May 3.
In an advisory issued after the announcement of Polling Day, the CSA noted that election campaigning in Singapore has shifted to a digital space or transformed into a hybrid format.
Candidates can expand their reach by using social media platforms to provide updates and hold virtual rallies, make use of fundraising websites, or use web-conferencing tools to host virtual question-and-answer sessions, said CSA.
"However, this shift to the digital space provides cyber threat actors with more opportunities to attack unsuspecting voters," it added.
"Threat actors may take advantage of election fervour and incorporate election-based themes in their attacks to increase their chances of success."
CSA outlined several potential cyber threats, and what measures can be taken to mitigate the risk of falling for them.
PHISHING
Phishing, a type of cyberattack where the attacker impersonates a trustworthy entity to trick individuals into revealing sensitive information or performing actions for malicious purposes, can take many forms during the upcoming hustings, CSA said.
"Threat actors may compromise the social media accounts of election candidates and political parties or create fake social media accounts to launch phishing attacks.
"Phishing attacks can also come as fraudulent emails, text messages, and phone calls impersonating election candidates or political parties," said CSA.
This way, threat actors can spread false or misleading information to manipulate voter behaviour or influence opinions.
Malicious actors can also create websites that mimic the content of official campaign websites to carry out social engineering attacks.
Financially motivated threat actors may also impersonate election candidates or political parties to seek donations from members of public.
In recent years, AI has been used to craft highly personalised and convincing phishing emails, messages or voice clones, increasing the likelihood of a successful attack. It can also be used to analyse the victim’s background to create a more convincing facade that aligns with the victim’s political ideologies, leaving them open to being scammed, CSA said.
"Unsuspecting victims may inadvertently provide sensitive information like passwords and banking credentials or perform financial transactions thinking that they are supporting a legitimate cause."
CSA noted that the context of General Elections has been used in the past to conduct scams and urged vigilance against such scams.
MALWARE
Voters or members of the public may be duped into downloading malware that masquerades as legitimate software; this may take the form of video conferencing apps that candidates and political parties use to conduct campaign activities online, CSA noted.
"When downloaded and installed onto the victim’s device, the malware could potentially allow the threat actor to access and steal data, leading to data breaches or other malicious activities."
Cybercriminals may also send emails or SMS messages that contain links to fake websites or malicious attachments to install malware on voters’ devices.
An email claiming that the voter’s registration has encountered a problem may contain a link for the recipient to click to verify their details. They would instead be taken to a fake website where malware is then installed on the voter’s device, said CSA.
MISINFORMATION
CSA said that manipulation, misinformation or disinformation can significantly impact the integrity and fairness of elections.
Manipulation refers to unauthorised changes to official documents often done by controlling official accounts of the candidates or parties.
Misinformation is the publication of inaccurate information stemming from mistakes or misunderstandings without the intent to deceive, while disinformation is the intentional spread of falsified information to deceive or harm the candidates or parties, CSA said.
Deepfakes can also be deployed by malicious actors to spread false narratives. They are designed to go viral quickly, creating the illusion of widespread support and impacting public perception, which could then damage the credibility or reputation of the party or candidate, it added.
HOW TO STAY SAFE
The CSA shared several cyber hygiene measures, including being wary of unsolicited emails and messages, particularly those asking for sensitive information or financial payments.
Voters should be vigilant, take a pause and do further checks, even if the purported sender of the email or message is from an election candidate or political party.
"It is crucial for voters and other members of the public to exercise caution and discernment when encountering information requests on social media platforms, messaging platforms and websites during the election period," said CSA.
"By being more careful and critically assessing the information received, you can safeguard yourself from potential monetary losses or spreading misinformation."
Voters should only download apps from their official sources and ensure that they receive information from trustworthy sources.
"Only rely on official election websites, trusted news outlets, and verified social media accounts," said CSA.
Deepfake videos can have subtle distortions, including visual anomalies like inconsistent lighting, strange facial expressions, or unnatural blinks, it said. These videos can also have unnatural-sounding audio, with mismatched lip-syncing, a sign that it could be fake.
According to the police's annual statistics on scams and cybercrime, at least S$1.1 billion (US$822 million) was lost to scams in 2024.
The Elections Department said in an advisory on its site that it was aware of a claim circulating on chat messaging platforms impersonating ELD and providing a scam link for victims to click on which will result in financial loss.
ELD said that it does not send WhatsApp or Telegram messages with clickable links. It may send emails with clickable links for members of the public to access its Voter Services webpage, but always from email addresses ending with “@eld.gov.sg”, it said.
