Children in Singapore today are among the youngest in the world to go online at the age of 10, according to a 2022 survey by Google and Qualtrics. From banking apps to resale marketplaces and games like Fortnite, many young ones are now traversing a dynamic and exciting digital frontier. However, this growing digital independence brings new dangers.

Social Engineering Scams in SingaporeImage credit: Pixabay

This survey also found that children were only educated on online safety at the age of 13, and that three in ten parents felt their children were not well-informed about online safety.

According to the Singapore Police Force’s 2024 Annual Scams and Cybercrime Brief, more than one in three scam victims aged 19 and below in Singapore fell prey to e-commerce scams, with 75% of all online shopping scam cases occurring on a popular second-hand e-commerce platform popular among youth.

How can a generation born into the internet age be so susceptible to vulnerability? The answer: social engineering by malicious actors.

How does social engineering outsmart young digital natives?

Children Online FreepikImage credit: Freepik

Social engineering is an attack technique that strategically manipulates human emotions like trust, fear, and excitement to persuade people to divulge sensitive information or data. It is what turns a good deal on an e-commerce platform, a limited-time launch on Instagram, or a too-good-to-be-true giveaway on TikTok into something far more dangerous.

Instead of breaking into devices, scammers trick users, especially kids, into opening the door themselves – circumventing even the strongest security measures. Children are naturally trusting. That makes them great learners, but also easy targets.

The opener: reconnaissance and pretext

In social engineering, scammers usually begin by identifying targets. The Cyber Security Agency of Singapore recently found that cybercriminals are using generative artificial intelligence tools to conduct reconnaissance – gathering personal details from public profiles, school websites, or gaming communities to make their messages more appealing and convincing.

Once they identify a target and gather information about the victim and their social circle, they initiate contact by impersonating a classmate, influencer, or a gaming admin – using their identity to send simple messages, like fun-sounding gaming invites and school-related requests. Skilled cybercriminals also use pretexting at this stage to craft a believable story based on the information they gather. Many scammers now use readily accessible genAI and deepfake tools to make opening attacks personalised and convincing.

Setting the trap: emotional manipulation

After malicious actors ensnare their target’s attention, they then build rapport to gain trust. At this stage, cybercriminals actively seek to manipulate targets through powerful emotions – for example, through messages that tap into fear (your Roblox account will be suspended) or excitement (free in-game currency!).

Some malicious actors go even further with more sinister tactics like grooming, where they build strong emotional bonds with vulnerable children over time – or honey trapping, where scammers pose as potential romantic partners. The end goal? Getting the victim to engage with a malicious link, visit a phishing site, or download ransomware.

Springing the trap: doubling down on panic and shame

With the victim primed, these attackers then double down with stronger emotions like panic and shame to spring them into action. This is where tactics, like impersonation of authority figures, blackmail, and sextortion, come into play – which drive the child to turn over money or sensitive information.

The real impact of social engineering can be so much worse than compromised passwords and a few lost dollars. A seemingly harmless click on a phishing link or game promotion could spread ransomware to devices shared by the family. One misstep by a child can compromise a parent’s sensitive work files, bank accounts, or even give attackers access to their workplace’s networks.




Building better digital resilience in children starts at home

While national initiatives like the SG Cyber Safe Students Programme and ScamShield equip young ones with the knowledge to guard against online threats. What’s often missing is consistent parental guidance to help children put that knowledge into practice. That’s where parents play a pivotal role. To help their children build better digital resilience, parents should follow these three tips:

  • Help children practise discernment in real-life scenarios.
    ○ Instead of handing kids a long rigid list of rules, parents can make digital safety part of everyday conversations. Encourage your child to ask questions when something feels off: Who sent this message? Do I know this person? Why is it urgent? What are they asking for? Is this something they’d really say? By discussing real-life examples together, children become more confident in identifying phishing attempts, which often use generic greetings, dubious-looking links, and suspicious e-mails. Just as importantly, parents should create a judgment-free space where kids feel safe opening up, even if they have fallen prey to a potentially embarrassing blackmail attempt or sextortion scam.

Parental Guidance Online FreepikImage credit: Freepik

  • Explain the why behind security, privacy, and cyber hygiene practices.
    ○ It’s not enough to simply set up security settings. Children need to understand the purpose behind them. Parents should take time to explain why it’s important to keep social media accounts private, avoid sharing personal information like birthdays or school names, and exercise caution when scanning QR codes or clicking on links. Reinforce why app updates, strong passwords, and multi-factor authentication matter. When kids understand the why, they’re more likely to internalise these habits and act on them independently.
  • Tap into tools and insights from security experts.
    ○ At the end of the day, there’s only so much parents can do on their own – but parents can create a strong safety net by using reliable cybersecurity solutions. Tools that offer AI-powered phishing detection, real-time threat monitoring, and parental controls are the best for protecting children. These tools help catch what kids – and even adults – might miss. Many cybersecurity vendors have developed family-friendly platforms like Safer Kids Online, which can be useful tools for building healthy online habits together in an interactive way. Safer Kids Online, in particular, was developed with child psychologists and digital safety experts to make learning about digital safety easier and less intimidating.




Fighting social engineering is a family effort

Social engineering lies at the heart of many modern cyber threats, from phishing and impersonation to ransomware. For children, who lack the context and caution of adults, these threats are especially dangerous.

As digital access increases, parents can’t just rely on security solutions. They need to develop a shared understanding of security with their children. Like washing hands, cyber hygiene is a habit worth building early. By helping your kids learn to recognise emotional manipulation, verify sources, and think critically, you’re equipping them with lifelong digital resilience against social engineering and whatever attacks come next.

By Jake Moore, Global Cybersecurity Advisor, ESET.

* * * * *

Looking to reach over 100,000 parents in Singapore? Let us amplify your message! Drop your contact details here, and we’ll reach out to you.

Discover exciting family-friendly events and places to explore! Join our Telegram channel for curated parenting recommendations.