Singapore Police Warn Citizens of Prevailing SMS Phishing Scams

The Singapore Police Force has warned citizens about SMS fraud targeting people with similar sender IDs. 

The public has been advised not to share their credentials in response to any SMS with web links asking recipients to login into their accounts and share their passwords.

On Sunday, the Singapore Police Force (SPF) warned people about an SMS phishing scam targeting victims with similar sender IDs. Scammers apply sophisticated fraudulent techniques to obtain the Singpass users’ login credentials. 

The police said that proliferating cases regarding monetary scams are a sensitive matter. In these scams, people receive unsolicited SMS with the Sender’s ID that contains similarities to Singpass like MySingpass or SGSingpass.

In SMSes, it’s shown that the Singpass accounts of the recipients had been or will be deactivated soon. So the recipients must conduct a facial verification process for which they must log into Singpass through a web link that scammers provide in the messages. 

When a person clicks on the link, they are directed to a Singpass login webpage and require credentials such as a Singpass ID and password.

After that, they are required with a two-factor authentication page that asks for the Singpass one-time password. People only realise that they have been scammed when they receive an alert from Singpass regarding the upgradation of their profile or a notification that they had signed up for bank accounts.

The police said, “While the authorities have taken down the phishing websites, user vigilance is crucial in our fight against evolving scams.”

Authorities addressed the issues and said, “The police and GovTech would like to advise members of the public to be on heightened alert.”

The public has been advised that Singpass doesn’t send any SMS with web links asking recipients to login into their accounts and share their credentials, such as passwords and one-time passwords; that’s why people should not share their personal data in any way. 

“If you suspect that your Singpass account has been compromised, reset your Singpass password immediately,” said the police.

Users have been advised to update their contact details and enable notifications through their Singpass app to get an immediate alert in case of any suspicious login. 

Suggested Read: Danske Bank Fined €1.82m Over AML and CTF Breaches