Scam Alert
-
Beware of scammers posing as government officials to obtain SingPass info: Police
If someone knocks on your door and introduces themselves as a SkillsFuture government official, asking you for your Singapore Personal Access (SingPass) credentials, be on your guard.
There has been a rise in police reports on such cases, the police said in a statement jointly issued with SkillsFuture Singapore on Friday (Aug 17).
Since July this year, at least 10 reports were made about individuals posing as government officials, going door to door to promote the use of SkillsFuture Credit.
The impersonators asked for victims' personal particulars, SingPass credentials and mobile phone numbers, saying they would help check if the victims were eligible for SkillsFuture Credit.
They also asked victims, many of whom are elderly retirees, to surrender their mobile phones and OneKey tokens if they had them, and many did so.
Once they had the information, the impersonators used the particulars and mobile phone or token to apply for courses using their SkillsFuture Credit.
The SkillsFuture Credit scheme, which was introduced last January for more than two million people, gives Singaporeans aged 25 and older an initial $500 credit to pay for skills courses.
SkillsFuture Singapore said it "takes a stern view of any abuse of the SkillsFuture Credit and is working closely with the Singapore Police Force to take the necessary action against the parties involved".
The police advised the public to take the following precautions:
- Always ask for and check the identification pass of the person claiming to be a government official;
- Call the government agency's official telephone number to confirm the identity of the person; and
- Do not provide your personal particulars, SingPass credentials, mobile phone or tokens to strangers. The information can be used to access various digital services provided by government agencies.
-
'John Richard' calling from ICA is a scammer, says the authority
If you have received a call from someone named John Richard who claims to be from the Immigration & Checkpoints Authority (ICA), be on your guard.
The caller is phishing for personal information like bank details, driving licence numbers and other personal particulars, ICA said in a statement on Friday (Oct 13).
The man, who reportedly calls himself "John Richard", uses the number 6542-5314 to target victims, saying he is calling from the ICA Airport Logistics Park general office.
ICA clarified that the calls were not made by its officers, and added that it does not call the public to ask for personal information over the phone.
The police have been alerted of the scam.
ICA advised the public to ignore the calls and the caller's instructions. It also advised the public not to provide any personal particulars to the caller or transfer any money to him.
It added that it takes a serious view of such scam calls as it undermines public trust in ICA.
Those with information on the scam calls may submit information online at www.police.gov.sg/iwitness or call the police hotline at 1800-255-0000.
Just last week, ICA warned the public about scam callers who impersonate ICA officers in a bid to obtain passport numbers.
Those calls were made from this number: +65 6214-8427.
Also last week, ICA raised the alert about a fake website that was dressed up to look like the official ICA website.
Called singaporeonline-epass.com, the site aims to trick visitors into revealing their visa reference and passport numbers.
-
Man loses $5,600 to scammers running fake Singapore Police Force website
claimed to be a police officer. The scammer told the man that he was involved in a case of money laundering, and asked him for his personal details.
The victim then received a call from another scammer who directed him to a website that resembles SPF's website.
He was told to provide his personal information such as his name, personal identification number, bank account details and passwords.
The victim later realised that two transactions had been made from his bank account without his consent.
The scammers reportedly told him to delete the bank notifications, which indicated the sum of money that had been transferred.
The police said in their statement on Friday that the website is a phishing site in disguise, designed to extract personal information and banking details of victims in hopes of getting money from them.
The official SPF website is at www.police.gov.sg, and the police advised the public to take the following precautions when they receive unsolicited calls, especially from people they do not know:
1. Ignore the calls. Scammers may use Caller ID spoofing technology to mask the actual phone number and display a different number. Calls that appear to be from a local number may not actually be made from Singapore. If you receive a suspicious call from a local number, hang up, wait five minutes, then call the number back to check the validity of the request.
2. Ignore instructions to remit or transfer money. No government agency will inform you to make a payment through a telephone call, especially to a third party's bank account.
3. Refrain from giving out personal information and bank details, whether on the website or to callers over the phone. Personal information and bank details, such as internet bank account usernames and passwords, OTP codes from tokens, are useful to criminals.
Additionally, the police cautioned the public to be wary of befriending strangers online who ask to use their bank accounts as they may be used as money mules.
To avoid this, adopt the following crime prevention measures:
a. Do not give your personal particulars or bank account details to strangers.
b. Decline any request by acquaintance for money transfers - you might unwittingly be committing a crime by laundering money for another party.
c. Report to the police and the bank immediately if you suspect that you have received unknown monies in your account.
d. If you are approached by anyone who claims to be a police officer, ask for the warrant card. If you are in doubt, please dial 999 for urgent police assistance.
e. If you have information related to such crimes or if you are in doubt, call the police hotline at 1800-255-0000, or submit the information online at www.police.gov.sg/iwitness.
-
Received an SMS claiming to be from UOB? It could be a phishing website
The Singapore Police Force has issued an official statement on its Facebook page, warning netizens about phishing websites.
This comes after some netizens were reportedly tricked into giving their personal information, including credit card details after responding to SMSes reportedly sent by United Overseas Bank (UOB).
However, the victims later realised that there were unauthorised transactions in various foreign currencies made to their credit cards.
The victims each described having received an SMS allegedly sent by UOB, in which they were asked to visit a link provided.
They would then be directed to a website that resembles a genuine bank website and asked to enter personal information, as well as credit card details.
Among the information asked were the credit card number, date of expiry and Card Verification Value of the respective cards.
In each of these cases, the scammers then downloaded the ‘UOB Mighty App’ without the knowledge of the victims, and entered the data provided by the victims.
This led to the victims receiving One-Time Password (OTP) prompts sent by the bank to their mobile phones, which they were asked to key into the website.
The victims subsequently received SMS notifications that foreign transactions were made on their credit cards.
One victim, Stephen Tay posted on Facebook about his experience, saying:
“Got this SMS an hour ago and it only states a link to uob-mob_com (I switched the . to a _ to prevent Facebook from leading you to the actual link)
“Beware! This is a new form of spoofing to get your login information.
“The domain name is not owned by UOB and was just registered as the SMS was sent out.
“If you see such messages, delete them!”
In response to the incidents, the police urged members of the public to be vigilant in their post.
Read the post:
“A) Be wary when you are asked to disclose your personal information and bank account details over the internet.
“B) Beware of phishing websites that may look genuine. Look for signs that you are using a legitimate or secure website. These websites are generally encrypted to protect your details. Secure websites use 'https:' instead of 'http:' at the start of the internet address, or display a closed padlock or unbroken key icon at the bottom right corner of your browser window.
“C) Report any fraudulent charges detected in your credit card bills to your bank immediately.”
It also encouraged victims to call the helpline or go to www.scamalert.sg to get advice on scams and how to avoid them.
-
14 under probe over scams involving more than $380,000
Fourteen people are being investigated for their suspected involvement in various scams involving more than $380,000, the police said on Sunday (March 4).
Six men and eight women were rounded up by officers from Ang Mo Kio Police Division during a two-day operation from Feb 28 to March 1.
The suspects, aged between 15 and 67, are being investigated for the offence of cheating, which carries a punishment of imprisonment for up to 10 years and a fine under the Penal Code, or money laundering, which carries a punishment of imprisonment for up to 10 years and/or a fine of up to S$500,000 under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act.
The police advised people to not share their personal information, such as NRIC numbers, bank account numbers, one-time passwords, or SMS verification codes with anyone, to avoid becoming a scam victim.
Other measures include buying goods only from authorised dealers, paying only on delivery whenever possible, and being aware that scammers may provide a copy of an identification card or driver's licence to gain their trust, though it it may not belong to the person communicating with them online.
" Persons found to have allowed their bank accounts to be used by criminals may also be investigated and prosecuted," said the police in a statement.
"To avoid being an accomplice to a money laundering offence, members of the public should always reject requests to use your bank accounts, as your account may be used to launder the proceeds of crime."
For scam-related advice, members of the public may call the anti-scam helpline at 1800-722- 6688 or go to www.scamalert.sg
-
Bitcoin SMS scams on the rise
In January this year, a text message from an unidentified sender informed Mr James Quak, 41, that he had one bitcoin waiting to be redeemed in his account.
All he had to do was click on the link forwarded and he would instantly be $18,000 "richer", based on the market value of the cryptocurrency that day.
Instead of succumbing to greed, Mr Quak, who is self-employed, ignored the message. He said: "There is no such thing as a free lunch. No one will give you free money. The minute I saw the message, I knew it was a scam and ignored it ."
In doing so, Mr Quak not only avoided being phished for personal information and passwords, but he also prevented his phone from being hijacked to mine for cryptocurrency.
MALWARE
Cyber security firm Palo Alto Networks released data last week that shows globally, cyber criminals have turned sharply from disseminating ransomware to spreading cryptocurrency-mining malware.
In January this year, 65,512 samples of this particular form of malware was discovered, an increase from the 2,368 samples found in January last year.
This is in "response to the surging value of cryptocurrencies", noted the report.
Prices of bitcoin rose to an all-time high of $26,125.71 last December before dipping. It currently hovers around $14,000.
Bitcoin-related SMS scams have also popped up globally, with the Australian media reporting that many Australians have been receiving messages instructing them to click on links to confirm their accounts and claim bitcoins.
A report in local media cited a handful of people here who have received similar texts.
The Cyber Security Agency of Singapore (CSA) has yet to receive reports of such scams here, but Mr Douglas Mun, deputy director of CSA's National Cyber Incident Response Centre, said the website link in the SMS received by Mr Quak redirects to a phishing website.
When users click on the link, it redirects them to a website called The Bitcoin Code, which asks for personal information, including full name, e-mail address and phone number.
According to Mr Mun, this modus operandi is similar to other phishing scams.
Beyond phishing, there may be something more insidious at play here.
A spokesman for cyber security firm Check Point Software Technologies said: "By just inputting your e-mail address on the website, users potentially expose themselves to a drive-by download."
Drive-by downloads happen without a person's knowledge, and the spokesman said they could potentially contain cryptocurrency-mining capabilities.
These tap into mobile phones' computational power for cryptocurrency-mining purposes.
Cryptocurrencies such as bitcoin have to be mined virtually, as they do not have a physical representation.
This is done by using a computer's processing power to solve complex mathematical algorithms. The more algorithms solved, the more cryptocurrency is earned.
Mr Matthias Yeo, chief technology officer of Symantec Asia Pacific, noted that there has been an upward trend in cases of malware mining.
He added: "The widespread popularity of mobile phones has given unsavoury characters a larger pool of computational power to tap on.
"What is more, mobile phones are highly advanced nowadays, with them being more akin to mini computers. As such, they are more than capable of mining cryptocurrencies."
While cyber security experts said security apps from reputable security vendors can identify and remove such malware, the best course of action would be to ignore unfamiliar links.
According to the CSA, users who have provided their personal information should monitor their phones and e-mail accounts for unusual activities.
They can also go to www.csa.gov.sg/gosafeonline to learn about how to defend themselves against phishing scams.
How to tell if your phone has been hacked for cryptocurrency mining
How do you know if your mobile phone has been hacked for cryptocurrency mining? Here are some signs you should look out for, according to Mr Matthias Yeo, chief technology officer of Symantec Asia Pacific.
- Your mobile phone battery overheats and drains quickly despite no detectable processes running in the background.
- Your mobile phone starts to slow down dramatically, due to high central processing unit usage.
- There is an increase in outbound connections. This is reflected by an unexplainable and sudden increase in your monthly data usage.
- Your contacts start to receive similar spam messages. The malware can collect information from your phone's database and propagate from there.
-
Police probe 100 people for 277 scams involving over $770,000
The police are probing 100 people for their suspected involvement in 277 scams involving more than $770,000.
The suspects, 57 men and 43 women aged between 15 and 64, are being investigated for the offence of cheating.
They were discovered after a three-day islandwide operation from Tuesday to Thursday.
If found guilty of cheating, they can be jailed for up to 10 years.
If convicted of money laundering, they can be jailed for up to 10 years and/or a fine of up to $500,000.
The police said on Friday (March 23) that they have observed a pattern of criminal syndicates recruiting money mules to use their personal bank accounts to receive and transfer the gains from victims of scams.
These syndicates usually befriend victims online, through dating websites or social media platforms, and pretend to offer them a "fast-cash" or "work-from-home" job offer.
Money mules are often asked to open new bank accounts in Singapore, before passing ATM cards, PINs and bank accounts to others.
In criminal cases, the accounts end up being controlled by syndicates that are often based overseas.
The police warned the public that bank account holders are accountable for any transaction made in their accounts.
Those whose bank accounts are found to have been used to receive criminal proceeds will be liable for money laundering offences, even if they had acted unwittingly.
-
Fake ICA website phishing for passport, visa reference numbers, says authority
The Immigration and Checkpoints Authority (ICA) on Tuesday (April 17) warned the public about a fake ICA website that is phishing for visa reference numbers and passport numbers.
The website, at www. mom-sg-gov.ml/save.ica.gov.sg/save-public/index.html, looks similar to ICA's official website.
However, ICA's official website at www.ica.gov.sg is on the secure "https" extension, and has differences in logo size, font size and colours.
The fake site invites visitors to fill in visa reference numbers or FIN numbers, as well as the applicant's travel document numbers.
ICA said a police report has been made, and it advised the public to exercise caution so that they do not unwittingly fall prey to such fake websites.
"We would like to assure everyone that access to the official ICA website remains unaffected and no data has been compromised," ICA said.
It added that it takes a serious view of such fake websites as they undermine public trust in its system and processes.
"We will work to bring down the website and continue to monitor them," ICA said.
-
ok
-
Beware WhatsApp ‘takeover’ scams: Police
The police have warned WhatsApp users here to be wary of a new scam being conducted on the popular messaging platform, which could result in victims losing access to their accounts, and their friends and family members deceived into buying online gift cards.
In a statement on Wednesday (April 18), the police said they had received reports of WhatsApp users losing control of their accounts to the scammers. But they did not say how many users in Singapore have been affected, or indicate how much money the victims might have lost.
This is how the scam works:
- The victims would first receive a message from one of their contacts – whose WhatsApp account might have already been compromised – requesting for the WhatsApp account verification codes that they have received via SMS to be sent to him or her.
- Once the verification codes are sent to the scammers, the victims would lose access to their WhatsApp account.
- The scammers would then use the compromised accounts to deceive people on the victims’ contact lists into buying online gift cards, and sending over the password for the cards.
- The scammers would then profit by re-selling the gift cards online.
The police urged WhatsApp users here to be wary of unusual requests received over the messaging platform, even if they came from people they know.
“Always call your friend personally to verify the authenticity of the request if in doubt,” the police added, encouraging users to enable the “two-step verification” feature that would prevent others from compromising their WhatsApp account.
Those with more information on this variant of the WhatsApp scam can call the police hotline at 1800-255-0000, or dial ‘999’ for urgent Police assistance.
Members of the public may also call the National Crime Prevention Council’s anti-scam helpline at 1800-722-6688 or visit www.scamalert.sg to seek advice on scam-related matters.