Scammers Now Trying To Get Singpass Details Via SMS, Police Warn Public To Be Vigilant

Scammers Sending SMS To Victims With Phishing Link That Diverts To Fake Singpass Website, Says Police

After targeting bank customers, scammers are now trying to obtain Singpass login details from Singaporeans.

They are doing this by sending an SMS that contains a phishing link to potential victims.

The police have thus warned the public to be vigilant.

Scammers send unsolicited SMS on Singpass ‘deactivation’

In an advisory released on Sunday (2 Oct), the Singapore Police Force (SPF) said they’d observed a surge in a certain type of scam. Namely, scams where victims would receive SMSes from scammers that contain phishing links.

The motive is to get their Singpass login details, enabling the scammer to access an array of personal and financial services.

Explaining how the scam works, SPF said victims would receive an unsolicited SMS from a sender whose ID is similar to “Singpass”.

For example, it could be something like “MySingpass”, “SGSingpass”, or some misspelt version of the word.

The SMS will usually say that the victim’s Singpass has been or will be deactivated, and facial verification is needed.

The SMS will include a link that the user is supposed to click to perform the so-called facial verification.

Link directs victim to fake Singpass website

SPF said the link is a phishing link that will direct victims to a spoofed Singpass website.

The fake website is identifiable from its strange URL that will have nothing to do with Singpass.

The victim must enter their Singpass ID and password to “log in” to the website.

They will then be directed to a webpage that seems to be for two-factor authentication (2FA).

There, victims will be prompted for a One-Time Password (OTP).

Unauthorised card transactions charged in some cases

If victims fall for the scam and enter their login details, they will know soon enough.

Firstly, their Singpass profile will be updated, and they will receive alerts from Singpass informing them of this.

However, in some cases, there would be other consequences.

They would get an alert that they’d signed up for bank accounts and credit cards.

Worse still, unauthorised transactions might be charged to the credit cards.

Tips on how to avoid being scammed

SPF shared some advice on how Singaporeans can be vigilant against the Singpass scam to avoid being scammed.

Firstly, Singpass doesn’t send people SMSes with clickable web links. This is also practised by banks, which were told to remove clickable links in their SMSes.

If an SMS makes certain claims regarding one’s Singpass account, users may call Singpass at 63353533 and dial “9” for their 24-hour scam hotline.

Secondly, if Singpass sends you an SMS, the sender ID would be “Singpass” or “SingPass”, and nothing else.

Thirdly, if you’re accessing the Singpass website, its URL should be “singpass.gov.sg”, with a lock icon in the address bar. Here’s an example of the real website as seen on a desktop computer:

This is what the real Singpass website looks like on a smartphone:

Fourthly, government services should be assessed only via trusted websites — mainly those with URLs ending in “gov.sg”. A list of trusted websites that don’t end with “gov.sg” can be found here.

The police also recommended that citizens update their contact details in Singpass and enable notifications by the Singpass app so that they can be alerted of suspicious logins. Personal or Internet banking details and OTPs should never be shared with anybody.

If users suspect that their Singpass account has been used by someone else, they should reset their password immediately. If suspicious bank transactions are detected, the bank should be contacted immediately.

Report potential Singpass SMS scammers to the police

Even if you haven’t been targeted yet, it doesn’t mean you won’t be targeted in future.

So if you or someone you know gets a suspicious SMS related to Singpass, do call the Singpass hotline.

Alternatively, you may call the police at 1800-255-0000 or file a report online—dial “999” only when urgent police assistance is required.

More advice on Singpass safety can be found at go.gov.sg/even-safer-singpass.

For more info, visit the Scam Alert website or call the Anti-Scam Hotline at 1800-722-6688.

Have news you must share? Get in touch with us via email at news@mustsharenews.com.

Featured image adapted from NordWood Themes on Unsplash and SPF.