Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Don’t Be Baited! 5 Signs of Phishing in Email

Don’t Be Baited! 5 Signs of Phishing in Email

Be on the lookout for signs of phishing to keep your personal info and banking details from being stolen

Whether you are crunching office works or doing personal stuff, cyberthreats lurk in your computer, waiting for the perfect opportunity to attack. Several malwares may be straightforward in infiltrating your system but other scams are often hidden in deceitful innocent forms. To help you protect your private data and sensitive correspondence, here are the five signs of phishing in email to watch out for.

What exactly is phishing? And how serious is it?

Last July 10, a new phishing scam surfaced in Singapore which contributed to 374 reported cases involving losses that totaled to about $1.07 million. In fact, records from police authorities has revealed that more than S$201 million worth of amount was cheated through top 10 scam types in 2020. This shows that phishing has become extremely rampant as ever.

Phishing is a method used by criminals to fraudulently obtain your private personal data and/or banking information. This may include a wide variety of ways depending on the scheme launched by the perpetrators. In essence, they disguise themselves as a legitimate individual who offers you a promo, product, or service through email, instant messaging, and other online correspondence. Once they obtain your private information, the cybercriminals will use it to access your online profiles to perpetuate further fraudulent acts, or worse, drain your financial channels.

As these criminals become more and more creative on formulating their scam, it is important that you stay vigilant, especially on every business organization’s primary mode of correspondence- your email.

Read More: Personal Data Protection Act Singapore: Is Your Business Compliant?

What are the signs of phishing in email?

1. Unexpected emails

These cybercriminals usually send broadcast emails to a large populace to increase their batting average. It makes sense as the more person you send a random message thereto, the more chance of having some people respond. If you receive an unanticipated email, always check the time it was sent to you. Unexpected emails usually come on wee hours, especially those sent by criminals who send broadcast phishing message internationally.

It is also a good practice to check if the message is from one of your contacts. If not, exercise caution as you open the email.

2. Public email domain

Emails that contain business opportunities or transactions are legitimately sent by representatives through official company emails. If you receive dubious emails that ends with public domain, e.g.,, this may be a phishing scam. Take a look at this example:

Source: welivesecurity | signs of phishing

Most duly registered business organizations, except for some small startups, will have their own company email domain and accounts. Example of which is how Google’s official correspondence ends with

The most effective way to verify the email’s legitimacy is to visit the company website and check if their “Contact Us” or “About Us” section contains an official company domain that matches the sender’s.

3. Suspicious Attachments

If you receive an email that commands you to download a certain file attached, this is one of the most common signs of phishing. The file attachment serves as the “payload”, which once downloaded, unleashes malware to your computer system and leach off your private information. See example below:

Source: MailGuard

If you receive some sort of pop-up warning from your browser, or if your application prompts you to adjust your security settings, it may be best to not proceed on downloading the attachment. You should contact the sender’s company through other methods and verify if the email (and file attached) is legitimate.

4. Promise of Reward

Misleading offers of too-good to be true deals and prizes are one of the most common signs of phishing sent to private individuals. Usually, these messages creates a sense of urgency and commands you to act immediately; whether to click a certain button or complete a survey.

If an email tells you that by simply following a link can you get you a free cruise-trip around Europe, it is safe to assume that it is a phishing scam.

signs of phishing
Emails that ask for your login credentials and banking info are signs of phishing, too! These confidential info should not be asked through email.

5. Asking for your private information

Lastly, one of the signs of phishing scams is an email that asks you to provide your login credentials for a certain account. All duly registered business organizations are fully aware that these type of confidential information should not be sent over the internet.

If the email sender claims to be from your bank and requests for your banking details, you should be cautious. Never release any confidential info without first clarifying with the bank through a quick phone call. Should they confirm that they have indeed intended to contact you, inform them that you are not comfortable in releasing your information via email and would prefer to transact on the phone or through personal appearance.

Nowadays, cybercriminals are coming up with more sophisticated schemes on how to steal your private information. Although phishing has been a constant threat to cybersecurity, it is one of the most easiest ploy to crack. All you need to do is to watch out for signs of phishing and exercise your best judgment on whether an email is legitimate or not. An extensive research works best, but in most situations, your common sense would suffice.

Also Read: How Does Ransomware Work? Examples and Defense Tips

Protecting personal data that the organisation manages is the primary duty that must be upheld, or else risk the financial penalty imposed by the PDPC in case of a breach. To help organisations with their data protection compliance, they can outsource a DPO, which is an officer responsible for ensuring that all data protection provisions are complied with at all times. 

A DPO is responsible for ensuring that there are policies set up in place when it comes to clicking unexpected emails which may contain malicious links. Since employees are the target of bad actors, a DPO can ensure that they are well aware of the risks of clicking attachments in the email that could infiltrate the organisation’s system. 



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us