Scammers successfully send SMS phishing links using SingPost name, nestled within actual SingPost texts

SingPost has reported the matter to the police.

Mandy How | March 06, 2019, 06:19 PM

[Editor's note on Mar. 7, 12:35pm: The headline and lead-in have been amended for greater accuracy.]

Scammers have somehow managed to send SMS messages grouped together with SingPost's actual ones, and are putting out phishing links under the guise of lucky draw prize redemptions.

Lucky draw winner

Here's an example of a phishing attempt by the SingPost impersonators on March 4, 2019:

Phishing is an attempt to obtain sensitive information, such as names, passwords, and credit card details from the victim.

The scammers usually disguise themselves as well-known or trustworthy corporations over electronic communications.

In SingPost's case, customers were encouraged to click on the link to claim their prizes, divulging sensitive information in the process of doing so.

What makes it particularly dangerous is that the scammer's messages are nestled within actual messages from SingPost, which makes it slightly more believable than if it came from a random number.

Police report made

SingPost is aware of the matter and has made a police report.

The company has also conducted a review of their IT systems, and confirms that they have not been compromised.

The case is currently under investigation.

Additionally, it seems like POSB/ DBS and UOB have been hit with similar tactics, although it is not clear if the cases are related.

Members of the public can call call SingPost's hotline at 1605 to verify the authenticity of any call, text message or email.

For more information on how safeguard against such scams, click here.

This is SingPost's statement in full:

"SingPost has been alerted to text messages impersonating us being sent to members of public. These text messages appear under the sender name “SingPost”, and typically entice recipients to claim a prize by following a hyperlink.

SingPost would like to unequivocally state that these messages are not sent by us but are part of an impersonation scam. We have reported the matter to the Police, who are currently investigating this. We have also conducted a review of our IT systems and can confirm that our systems have not been compromised.

Should members of the public receive such a text message, call or email claiming to be from SingPost, please do not provide any personal information, including full names, NRIC numbers, credit card and bank account details, or transfer any money that may be requested.

Members of the public can also call our hotline at 1605 should they wish to check on the authenticity of any call, text message or email purportedly sent by us.

More information on how to safeguard against scams can be found here: https://www.singpost.com/online-security-you"

Top image via Mothership Reader and SingPost/Facebook