Bogus Govt Websites
The next time you apply for a passport online or check your CPF balance, be careful – you may be entering your information into a fake website.
Yes, government websites can be faked too, so keep your eyes open.
ICA Hit By Fakes
On Tuesday (Jan 31), Channel NewsAsia reported that the Immigration and Checkpoints Authority (ICA) had warned of a fake website, www.ica.sgov.asia, that was trying to trick people into entering their visa application numbers and passport numbers – a scam otherwise known as phishing.
This wasn’t the first time this has happened. In April 2016, the ICA issued a similar warning about a website with the URL www.ica-sg.com.
And in May 2016, it happened again. This time, those who made the fake website www.ica-spg.org were going for users’ NRIC and passport numbers.
And the scary part is, these fake websites all look almost the same as the real ones! Take a look at this comparison:
For the record, the ICA’s legit website is www.ica.gov.sg.
Other Govt Websites Also Kena
It’s not only the ICA that kena, though — in July 2015, The Straits Times reported that the Infocomm Development Authority of Singapore (IDA) also alerted users about a fake SingPass website with the URL www.singapass.sg.
With SingPass being a key gateway that connects users to hundred of services provided by more than 60 government agencies, losing your SingPass username and password to those with sinister motives can mean a whole lot of trouble.yup,
Even the (real) SingPass website – www.singpass.gov.sg – reminds users of the importance of safeguarding their sensitive security information:
The Ministry of Manpower (MOM) has periodically warned of bogus sites too, for example:
- www.momgovsg.com and www.mom-gov-sg.com (August 2015)
- www.mom-govn-sg.com (Nov 2015)
- wponlinemomgovsg.com (Jan 2016)
- www.singapurmom-stl.com (April 2016)
- govsg.mom (Oct 2016)
The MOM’s real website is www.mom.gov.sg.
It seems there is a rising trend of “phishers” phishing for personal information, and they are very smartly targeting essential government e-services. If you think this will never affect you, you’re in for a rude shock.
Firstly, you never know when you’ll be that poor soul that kena.
Secondly, the danger of stealing essential information such as one’s passport or NRIC number is that your identity can be stolen.
Mr Peter Sparkes, Symantec’s senior director of cyber security services for Asia-Pacific and Japan, told The Straits Times that such personal data is “non perishable”, and that “”they can replicate your identity, for instance, to start a new bank account in your name… and the information can be sold again and again”.
Prevention Better Than Cure
Having your identity stolen is scary, but what’s scarier is knowing you’re partially to blame for not being vigilant.
To avoid having your identity stolen in the first place, here’s a short guide that can save your ass.
1. Real government sites use this URL: ‘www.(agency name).gov.sg’. Anything else is fake and most probably a phishing attempt. Only real government websites are allowed to use the gov.sg domain name. Fake sites will use other domain names like .org or .net.
2. Official websites that require you to transfer personal information or money have to be secure. To see if the site is secure or not, look out for the “Secure” sign on the left side of the URL:
Alternatively, just look for the lock symbol:
The lock symbol indicates that the secure version of HTTP, HTTPS, is present, allowing you to transfer personal or bank details safely. Do not enter sensitive information into a website that doesn’t start with https://.
3. Low-resolution images or grammatical errors are tell-tale signs of a fake website that was put together in a rush. Remember, our government knows better than to tar its image with low-quality websites, so keep your eyes open!
4. To guard against e-mail scams, check out the sender’s e-mail address before clicking on any links via e-mail. Note that government e-mails always end like this: @[agency name].gov.sg
Be Safe Rather Than Sorry
With the increase in phishing scams, remember that staying vigilant is key, and only you are responsible for your own safety!
Featured image from ICA