After targeting bank customers, scammers are now trying to obtain Singpass login details from Singaporeans.
They are doing this by sending an SMS that contains a phishing link to potential victims.
The police have thus warned the public to be vigilant.
In an advisory released on Sunday (2 Oct), the Singapore Police Force (SPF) said they’d observed a surge in a certain type of scam. Namely, scams where victims would receive SMSes from scammers that contain phishing links.
The motive is to get their Singpass login details, enabling the scammer to access an array of personal and financial services.
Explaining how the scam works, SPF said victims would receive an unsolicited SMS from a sender whose ID is similar to “Singpass”.
For example, it could be something like “MySingpass”, “SGSingpass”, or some misspelt version of the word.
The SMS will usually say that the victim’s Singpass has been or will be deactivated, and facial verification is needed.
The SMS will include a link that the user is supposed to click to perform the so-called facial verification.
SPF said the link is a phishing link that will direct victims to a spoofed Singpass website.
The fake website is identifiable from its strange URL that will have nothing to do with Singpass.
The victim must enter their Singpass ID and password to “log in” to the website.
They will then be directed to a webpage that seems to be for two-factor authentication (2FA).
There, victims will be prompted for a One-Time Password (OTP).
If victims fall for the scam and enter their login details, they will know soon enough.
Firstly, their Singpass profile will be updated, and they will receive alerts from Singpass informing them of this.
However, in some cases, there would be other consequences.
They would get an alert that they’d signed up for bank accounts and credit cards.
Worse still, unauthorised transactions might be charged to the credit cards.
SPF shared some advice on how Singaporeans can be vigilant against the Singpass scam to avoid being scammed.
Firstly, Singpass doesn’t send people SMSes with clickable web links. This is also practised by banks, which were told to remove clickable links in their SMSes.
If an SMS makes certain claims regarding one’s Singpass account, users may call Singpass at 63353533 and dial “9” for their 24-hour scam hotline.
Secondly, if Singpass sends you an SMS, the sender ID would be “Singpass” or “SingPass”, and nothing else.
Thirdly, if you’re accessing the Singpass website, its URL should be “singpass.gov.sg”, with a lock icon in the address bar. Here’s an example of the real website as seen on a desktop computer:
This is what the real Singpass website looks like on a smartphone:
Fourthly, government services should be assessed only via trusted websites — mainly those with URLs ending in “gov.sg”. A list of trusted websites that don’t end with “gov.sg” can be found here.
The police also recommended that citizens update their contact details in Singpass and enable notifications by the Singpass app so that they can be alerted of suspicious logins. Personal or Internet banking details and OTPs should never be shared with anybody.
If users suspect that their Singpass account has been used by someone else, they should reset their password immediately. If suspicious bank transactions are detected, the bank should be contacted immediately.
Even if you haven’t been targeted yet, it doesn’t mean you won’t be targeted in future.
So if you or someone you know gets a suspicious SMS related to Singpass, do call the Singpass hotline.
Alternatively, you may call the police at 1800-255-0000 or file a report online—dial “999” only when urgent police assistance is required.
More advice on Singpass safety can be found at go.gov.sg/even-safer-singpass.
For more info, visit the Scam Alert website or call the Anti-Scam Hotline at 1800-722-6688.
Have news you must share? Get in touch with us via email at news@mustsharenews.com.
Featured image adapted from NordWood Themes on Unsplash and SPF.
One elevator is now functional while repairs on the second are expected to complete by…
The driver who hit one of the cats purportedly denied doing so behaved angrily.
It has been marketed online as a candy that helps with male sexual enhancement.
"POP MART does not have any official licensed partners in Singapore," it said.
51% of Singapore's average monthly rainfall in November fell in northern Singapore over less than…
He made sure all the passengers were served before taking a slice for himself.