Throughout 2022, threat actors have been masquerading as the postal service Singapore Post (SingPost) and one of Singapore’s leading telecommunications companies Singtel. Victims are being targeted by phishing emails that appear to be from Singapore Post or Singtel.
In these emails, users were sent messages informing them of fake billing issues or outstanding payments with links to fraudulent websites that asked for their personal information. According to The Straits Times, as of November 2022, at least 85 people have lost around $237,000 because of these scams.
While these scams have been widely reported by multiple outlets including The Independent, the threat actors and their methods have not been scrutinized in public. In this blog, I’ll break down my findings and ways you can protect yourself or corporation from phishing attacks.
A breakdown of the Singapore Post phishing campaigns
Most of the phishing campaigns imitating Singapore Post use dedicated phishing domains. By investigating newly registered domains that include targeted words like “singapore,” “singpost,” or “sgp,” I was able to identify infrastructure and additional phishing domains. As part of this pivot, I also found generic words, such as “update,” “track,” and “post,” also being used in other domains.
Here’s a breakdown of the phishing campaigns targeting Singapore Post.
First campaign: Faux package delivery
The first campaign appeared around mid-October and…
