Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Email spoofing: Avoiding them through good cyber hygiene practices

Email spoofing
Be vigilant with email spoofing scams!

Email spoofing is rampant nowadays as it is the most convenient way of gaining access to an Organization’s system without making any noise or attention. There are many cases reported regarding businesses falling victim to this tactic, but there are ways to prevent it from happening at your expense. But first, let us define what Email spoofing is all about.

Email spoofing, defined.

According to Proofpoint, email spoofing is a method used in phishing attacks and spams to deceive users into thinking that a message was sent from a legitimate source that they can trust. 

In spoofing attacks, the bad actors forge legitimate business headers and make it appear that such a phishing email seems genuine, whereas, in truth and fact, it is fraudulent. Typically, these are taken at their face value; that’s why many unsuspecting victims fell victim to it. Unless such users inspect the header closely, that is the only time that the user can identify that such header is a fraudulent one. 

Spoofing scams thrive because when users recognize the name that has been imitated, they are most likely to trust it outright without inspecting it first. With this, upon instructing to click the attached file, it is highly likely to be followed as instructed. With this, everyone is reminded to be vigilant with emails received before opening them, especially the attached files or links.  

Email spoofing statistics

On May 20, 2020, the Singapore Police Force reminded the public and organizations to be vigilant with email spoofing activities imitating legitimate businesses. As reported in the first quarter of 2020 alone, there has been over 100 reports of such scam with a total loss of S$9,200,000. Compared to the same period in 2019, cases have increased by 30%, with S$12,800,000 as damages. 

In these cases, the victims had reported a recurring theme in email spoofing, which is impersonating a legitimate organization, or in this case, as the victim’s legitimate business partners. The bad actors, impersonating the business partners of the victims, requested for funds to be transferred to a new bank account. 

In other cases, the bad actors request the employees to purchase iTunes or Google Play cards and send them their redemption codes after paying for the stored value cards.

Also Read: What You Need to Know About Singapore’s Data Sharing Arrangements

Email spoofing
Email spoofing is a problem every Organization should be vigilant of.

Email spoofing preventive measures and good cyber hygiene practices

In light of the increasing number of cases of email scams, the Singapore Police Force suggests adopting the following preventive measures to follow:

a) Educate your staff to be mindful of any new or sudden changes in payment instructions and bank accounts. Always verify these instructions by calling the email sender. Always use phone numbers in your record instead of unknown numbers provided in the fraudulent email.

b) If these employees are working from home during the Circuit Breaker period, consider putting additional layers of checks before payments and fund transfers are made. Create awareness in your employees on this scam, especially those responsible for approving payments and making fund transfers such as making purchases or managing HR payroll.

c) Prevent your company’s generic email account from being hacked by using strong passwords, changing them regularly, and enabling Two-Factor Authentication (2FA) where possible.

d) Consider installing email authentication tools such as Domain-based Message Authentication, Reporting, and Conformance, DMARC, which can help detect fraudulent emails.

e) Install anti-virus, anti-spyware/malware, and firewall on your computer, and keep them updated. You may consider installing free Domain Name System (DNS) protection services such as Quad9 ( to protect against such attacks. Lastly, update your Operating System (OS) when new patches are made available.

There’s nothing a ninja can’t do!

Privacy Ninja can help you.

Email spoofing activities could be a potential threat to the growth of your business. While it is true that there are good cyber hygiene practices that you should always follow to prevent bad actors from having access to your system, there is a way for you to identify if your organization’s email domain could be vulnerable to any phishing attack. This can be done through an email spoofing vulnerability test.

Privacy Ninja offers a free non-obligatory email spoofing vulnerability test that you can request anytime. All you have to do is email us at ([email protected]) and determine if your email can be prone to phishing attacks. 

Also Read: Data Protection Officer Singapore | 10 FAQs



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us