3 out of 4 in Singapore cannot identify deepfake content: Cyber Security Agency survey

Only one in four people here can distinguish between deepfake and legitimate videos, even though a majority say they are confident they can do so.

This is one of the key findings of a survey released on July 2 by the Cyber Security Agency of Singapore (CSA).

Questions related to deepfakes were included for the first time in the 2024 edition of the Cybersecurity Public Awareness Survey, given the prevalence of generative artificial intelligence (AI) tools that make it easier to create fake content to scam unsuspecting victims.

A total of 1,050 respondents aged 15 and above were polled in October 2024 on their attitude towards issues such as cyber incidents and mobile security, and adoption of cyber-hygiene practices.

Nearly 80 per cent said they were confident about identifying deepfakes, citing telltale signs such as suspicious content and unsynchronised lip movements.

But only a quarter of respondents could correctly distinguish between deepfake and legitimate videos when they were put to the test.

“With cyber criminals constantly devising new scam tactics, we need to be vigilant, and make it harder for them to scam us,” said CSA’s chief executive David Koh.

“Always stop and check with trusted sources before taking any action, so that we can protect what is precious to us.”

Compared with the previous iteration of the survey conducted in 2022, more people knew what phishing is.

When respondents were presented with a mix of phishing and legitimate content, 66 per cent were able to identify all phishing content, an increase from 38 per cent in 2022.

But only 13 per cent of the respondents were able to correctly distinguish between all phishing and legitimate content, a drop from 24 per cent in 2022.

While such trends are concerning, they are not unexpected, said Mr Vladimir Kalugin, operational director of cyber-security firm Group-IB’s unified products.

“This reflects the growing sophistication of scam tactics – for example, attackers now use AI to spoof well-known brands better and faster, adopt perfect grammar and mimic multi-factor prompts,” he said.

Fake phone numbers, stolen accounts of real individuals, and deepfakes of celebrities and politicians are often used, enhancing the trustworthiness of malicious links, he added.

“As the fake looks more like the real, even a more aware public faces greater difficulty making that final call.”

Mr Kalugin added that the growing inability to tell genuine messages from fake ones is eroding digital trust, which causes daily minute decisions such as clicking links and paying bills to slow down or stop entirely. This threatens the efficiency of online services and digital economy goals.

According to the 2024 survey, there has been an increase in the installation of cyber-security apps and the adoption of two-factor authentication (2FA) over the years.

More respondents had installed security apps in 2024, with 63 per cent having at least one app installed, up from 50 per cent in 2022.

The adoption of 2FA across all online accounts and apps also increased from 35 per cent in 2022 to 41 per cent in 2024.

Though 36 per cent of respondents in 2024 accepted their mobile devices’ updates immediately, 32 per cent preferred to update later. Those who chose not to update their devices remained low, at 3 per cent, down from 4 per cent in 2022.

Updates contain important fixes that address weaknesses in software and apps.

Around a quarter of respondents in the 2024 survey said they had been hit with at least one cyber incident, a slight drop from 30 per cent in 2022.

There was also a drop in the percentage of respondents who perceived that their devices were likely to be compromised by viruses or malware, from 60 per cent in 2022 to 57 per cent in 2024.

Nearly 40 per cent of people perceived themselves as being at risk of falling for online scams, down from 43 per cent in 2022.

About half of respondents expressed moderate to extreme concern about their Internet of Things (IoT) devices being hacked, but only 27 per cent said they knew how to secure such devices.

Still, among 870 respondents who owned or used IoT devices, 47 per cent had changed their default password settings, up from 38 per cent in 2022. More users also installed software and device updates promptly, up from 31 per cent in 2022 to 43 per cent in 2024.

CSA will be launching its sixth National Cybersecurity Campaign in September to build on existing outreach efforts. “With insights gathered from the 2024 survey, the new campaign will highlight the importance of cyber-security practices such as installing security apps, enabling 2FA and updating software regularly,” said CSA.

“The campaign will also comprise roadshows, corporate partnerships and talks, with posters and videos running on various social media and out-of-home platforms.”

Source: The Straits Times © SPH Media Limited. Permission required for reproduction.

MAS proposals a step forward in ‘democratising’ investing, ‘strikes right balance’: observers: Opinion ADV: <Newly Published> Law & Technology in Singapore (2nd Edition)