New phishing scam victims receive unsolicited messages from senders similar to Singpass
Singapore. The Singapore Police Force recently issued a warning of a new type of phishing scam that targets victims to get their Singpass login credentials.
According to the news release, there has been a surge of cases where people would receive SMSes with senders that bear similarities to Singpass, such as SGSingpass or MySingpass.
More from OMY: Scam Alert! Fake SMS telling users to reactivate their expired SingPass account
Victims report that they received a message that their Singpass account was or would be deactivated, and they needed to conduct facial verification to bring it back. Then, they would be asked to log in to a malicious link provided in the SMS. The victims would also be led to an authentication page asking for their one-time password.
Upon giving information, the Singpass holder would receive alerts from the real Singpass about their updated profile, therefore alerting them of the scam. There are also people who reported receiving alerts that they signed up for bank accounts and credit cards after falling victim to the scam.
The police reminded Singaporeans that although these phishing websites had been taken down, people must exercise vigilance at all times.
Singpass never sends SMSes that contain web links that ask people to log in with their credentials, including their passports and one-time pass. Moreover, the SMS sender is always “Singpass” or “SingPass.” The Singpass website domain is also singpass.gov.sg, and there should be a lock icon in the address bar.
For Singpass users who want to verify the authenticity of claims against their account, they can call 6335 3533 and press 9 for 24-hour scam support 6335 3533 and press 9 to access 24-hour scam support.
More from OMY: Over 415 victims of parcel delivery phishing scams in Singapore since Jan