Singapore saw over $1.1 billion lost to scams in 2024 alone.
That’s not just a security problem—it’s a control problem.
Whether you’re a business owner or a regular user, real data protection starts with knowing what you can control.
One high-profile case revealed how vulnerable even the tech-savvy can be.
In 2024, authorities charged Singaporean Malone Lam with a US$230 million cryptocurrency scam.
His approach?
Not malware. Not hacking.
The manipulation of trust and a series of false identities—Google support staff, Gemini exchange representatives—all designed to convince one victim to surrender access to their cryptocurrency wallet.
This wasn’t a glitch in the system.
The vulnerability arose while the victim was interacting with their data in real time.
Understanding how data behaves across different states helps to spot weak points before scammers can. Our practical guide to cybersecurity in finance IT breaks down why this mindset is crucial—especially for industries that handle sensitive transactions daily.
Data-at-Rest: Securing What You’ve Already Stored
“Data at rest” refers to the information sitting quietly in storage—documents, credentials, saved logins.
Lam’s case may have started with an email inbox or cloud drive holding sensitive content.
Businesses that leave these files unprotected are leaving the vault open.
We cover why encrypting storage systems like NAS or servers isn’t just best practice—it’s the baseline for surviving in today’s risk landscape.
For businesses: Encrypt sensitive files and limit access to only those who need it.
For individuals: Avoid using your phone gallery or notes app for passwords and recovery phrases.
Use a secure password manager instead.
Data-in-Transit: What’s Moving Is What Gets Hijacked
Scams involving fake RedeemSG links, Telegram “buyers,” or phishing via QR codes all rely on data being intercepted while in transit.
Someone can pick off or misdirect these constantly transmitted messages, links, and logins.
We explore how data-in-transit attacks work—and how to defend against them in a straightforward breakdown.
Your move:
- Never download apps or click links from unofficial sources.
- Confirm any redemption or payout scheme using a government domain (like
go.gov.sg) before taking action. - Use ScamShield and keep your devices updated with security features enabled.
Data-in-Use: The Most Dangerous State is When You’re engaged
Lam’s scam succeeded because Lam manipulated the victim in real time.
The scammer prompted him to give away two-factor authentication codes and send funds—all while he believed he was protecting his account.
This is the most vulnerable state of data – when you’re interacting with it.
Protecting data in use, especially in shared workspaces, goes beyond cybersecurity tools. It’s about the way we think, react, and verify under pressure.
Real data protection means slowing down:
Use features like “Money Lock” for banking and set low thresholds for transaction alerts.
Don’t transfer money based on a call, even if the caller seems to know your details.
Don’t share passwords or OTPs, not even with someone who claims to be from the bank.
Why This Matters for Business Owners
Scammers target not only individuals.
Investment scams, impersonation cases, and even “AI-powered” portfolio frauds have hit companies too.
In one case, scammers used manipulated screenshots and fake apps to convince investors their funds were performing, when in reality, the money was long gone.
If your firm holds sensitive client data or facilitates digital transactions, internal controls around data protection aren’t optional—they’re a business survival strategy.
True Data Protection isn’t just a software setting.
It’s in the habits of your team, your customers, and you.
Every action—whether encrypting a file, verifying a sender, or refusing to share an OTP—builds a wall scammers can’t scale.
