Scammers targeting victims through SMS to obtain Singpass login credentials: SPF

Be on alert.

Alfie Kwa| October 02, 2022, 04:27 PM

Follow us on Telegram for the latest updates: https://t.me/mothershipsg

The Singapore Police Force has observed a surge in phishing scams where scammers target victims through SMSes to obtain Singpass login credentials.

How do the scams happen?

Victims would receive unsolicited SMSes with the sender’s ID containing similarities to “Singpass”,  like MySingpass, or SGSingpass, indicating that the recipients’ Singpass accounts had been or would be deactivated and that they were required to conduct facial verification.

Recipients would log into Singpass through a web link provided in the SMSes, but upon clicking on the web link, the victims would be directed to a spoofed Singpass login webpage, where they would be required to enter their Singpass ID and password.

Victims would then be led to a 2FA page where they would be prompted for their Singpass One-Time Password (OTP).

They would realise that they had been scammed when they received alerts from Singpass that their profiles had been updated. In some cases, the victims would receive alerts that they had signed up for bank accounts and credit cards.

In some cases, unauthorised transactions were also charged to credit cards.

How to avoid this?

Singpass does not send SMSes containing web links asking you to log in with your credentials.

The official SMS’ sender identity for Singpass is labelled as ‘Singpass’ or ‘SingPass’.

Users can verify the authenticity of claims against their Singpass account via the official Singpass hotline at 63353533 and press “9” for 24-hour scam support.

Also, ensure that the Singpass website domain you are accessing is singpass.gov.sg, with a 'lock' icon in the address bar.

The log-ins to Government services should only be done at websites with domains ending with “.gov.sg”. If you received a link that does not end with “.gov.sg”, check against the list of trusted websites here.

Users should make it a point to update their contact details registered with Singpass and enable notifications via their Singpass app so that they can be promptly alerted of suspicious logins.

Also, never disclose your personal or Internet banking details and OTPs to anyone.

What to do if this happens to you?

If you suspect that your Singpass account has been compromised, reset your password immediately.

You should also report any fraudulent transactions to your bank immediately.

If you, or someone you know, have received a suspicious SMS related to Singpass, please contact the official Singpass hotline at 63353533.

You may also call the Police Hotline at 1800-255-0000, or submit a report online here.

If you require urgent Police assistance, please dial ‘999’.

For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Hotline at 1800-722-6688.

For more information and tips on how you can transact with Singpass securely, visit go.gov.sg/even-safer-singpass.

All images courtesy of SPF.