There has been a recent surge in Singpass phishing scams perpetrated via unsolicited SMSes. Please be reminded that you should only make secure transactions on the official websites. For SINGPASS, please visit singpass.gov.sg. For Coinut, please visit coinut.com.
How scams occur
The victims would receive unsolicited SMSes with the sender’s ID that are similar to Singpass, informing them about the supposed deactivation of their accounts and requiring them to respond by logging into Singpass through the link provided in the SMSes.
Apparently, the link will direct the victims to a phishing website that looks like the real Singpass login webpage. Upon logging in, the victims are unknowingly giving their Singpass ID and password to the perpetrators.
The negative outcomes of the phishing scam
With their login credentials being divulged to the criminals, the victims would then receive notifications about their Singpass profiles being updated with incorrect information, signing up for bank accounts and credit cards or being charged for unauthorised credit card transactions.
The steps needed to take if you or someone you know has been a victim of SINGPASS phishing scam (from Police’ Advisory on Phishing Scams Involving SINGPASS)
- Please be reminded that Singpass does not send SMSes containing web links asking you to log in with your credentials (i.e. passwords and OTPs).
- The official SMS sender identity for Singpass is labelled as ‘Singpass’ or ‘SingPass’.
- To confirm the claims about your Singpass account that are indicated in the unsolicited SMSes, call the official Singpass hotline at 63353533 and press “9” for 24-hour scam support. Ensure that the Singpass website domain you are accessing is singpass.gov.sg, with a 'lock' icon in the address bar.
- Update your contact details registered with Singpass and enable notifications via the Singpass app so that you can be promptly alerted of suspicious logins, e.g. when a login on a new device or Internet browser is detected.
- If you suspect that your Singpass account has been compromised, reset your Singpass password IMMEDIATELY.
- Log-ins to Government services should only be done at websites with domains ending with “.gov.sg”. If you received a link that does not end with “.gov.sg”, check against the list of trusted websites at www.gov.sg/trusted-sites.
- Never disclose your personal or Internet banking details and OTPs to anyone
- Report any fraudulent transactions to your bank immediately.
For more information, please visit the Police’ Advisory on Phishing Scams Involving SINGPASS.