Running a micro, small or medium enterprise (MSME) in Singapore requires constant attention. You manage daily operations, oversee cash flow, and look for opportunities to grow. At the same time, your business may be targeted by scammers given the frequency and urgency of financial transactions.
Cybercriminals often target SMEs as payment processes are frequent and time-sensitive, and multiple staff may handle invoices and banking matters. This can create opportunities for fraudulent instructions to be introduced into normal everyday workflows.
By understanding common scam tactics, businesses can implement practical safeguards to reduce risk. This guide outlines common scam scenarios and provides measures to help strengthen your controls.
Business Email Compromise: “Our bank details have changed”
One common threat is Business Email Compromise (BEC), also known as invoice redirection fraud. In these cases, a staff member may receive an email appearing to be from a known supplier or partner, requesting a change in bank account details and urging immediate payment.
These emails may appear legitimate, using familiar tone, logos, or even existing email threads, which increases the risk of staff falling victim to the scam. Payment may be processed but the funds are diverted to fraudulent accounts.
How to protect your business
Securing your payment process requires a mix of vigilance and structured workflows. Verify changes in payment details using known, trusted contact details (e.g., previously verified phone numbers), rather than relying solely on the email. Implement a dual approval process for changes to vendor payment information. Train your team to be cautious of subtle email differences, such as minor spelling variations in the sender’s domain name.
Executive Impersonation: “We need this payment processed urgently”
Scammers may impersonate senior management to request urgent and confidential payments, often pressuring staff to act quickly without verifying the request. Requests may be sent via email or messaging platforms and rely on perceived authority and urgency to bypass controls.
How to protect your team
Have clear approval workflows in place for all financial transactions, regardless of the requester’s seniority. Staff should verify unusual or urgent requests through independent channels. Requests involving secrecy or urgency should be treated with caution and escalated where appropriate.
Malware and Phishing: “Please install this system update”
Employees may receive messages prompting them to install software or click on links/attachments. These may introduce malicious software that can capture credentials or alter payment instructions.
How to protect your systems
Digital hygiene is essential for modern business security. Only install software from trusted, official sources. Instruct your team to avoid clicking on unknown links or downloading unexpected attachments. Keep all operating systems and security software up to date to reduce exposure to known vulnerabilities.
Singpass and Money Mule Risks: “Can we use your details?”
Sometimes, threats target an individual’s identity to facilitate corporate fraud. A staff member or third party might be approached with a request to use their Singpass to “set up accounts” or share their digital credentials to “facilitate business operations.” They might even be asked to receive money on behalf of others, framed innocently as helping the company out.
In reality, such attempts may be used to create money mule accounts or misuse a digital identity for fraudulent transactions. Misuse of Singpass or bank accounts can expose both the individual and business to financial losses and potential legal or regulatory consequences.
The golden rule for Singapore businesses
Never share your Singpass credentials, and do not allow your business or personal bank accounts to be used by unverified third parties. Your digital identity is key to your business’s financial security.
Trust-Based Scams: “I thought the relationship was real”
While often associated with personal losses, trust-based scams, including love scams or romance scams, can also have implications for businesses. You might meet someone new online, and over time, a strong emotional connection forms. Gradually, conversations may shift toward financial matters.
They may ask you to support a new business venture, claiming they are unable to access funds overseas for a time-limited opportunity. In some cases, they may even ask you to take out a business loan in your company’s name, with assurance that it will be repaid once profits are received.
These scams can be particularly difficult to detect as they rely on trust built over time rather than obvious warning signs.
How to protect yourself
Be cautious when forming relationships or dealing with individuals met online. Before making transfers or financial commitments, take a step back and speak to a trusted colleague, friend or financial advisor. Avoid transferring funds or extending credit to individuals you have not met in person or otherwise independently verified.
Practical Safeguards to Secure Your Business
Safeguarding your business does not have to be overly complicated. A few simple, consistent controls can go a long way in helping to keep your capital more secure and your operations running smoothly.
Start by verifying all changes to payment instructions offline, using phone numbers you already have on file. Implement a dual approval system for outgoing payments, ensuring no single person can authorize large transfers alone. Limit access to banking platforms and financial credentials to those who need it. Finally, invest in training your staff to recognize common scam red flags and empowering them to escalate suspicious requests promptly without fear of reprimand.
By fostering a culture of awareness and open communication, you can better manage risks in the digital landscape and keep your business focused on sustainable growth.
