SINGAPORE — The police have warned the public of a “surge” in phishing scams targeting Singpass users through unsolicited SMSes containing links that direct them to a spoofed website.
Some victims ended up with unauthorised transactions charged to their credit cards after their Singpass login details were stolen, the authorities said in an advisory on Sunday (Oct 2).
“This is a new variant of phishing scams for which police have observed a rising trend for,” the authorities added.
Detailing how the scam happens, the police said that members of the public would receive unsolicited SMSes from a sender ID resembling Singpass, such as “MySingpass” or “SGSingpass”.
“The SMSes would indicate that the recipients’ Singpass accounts had been or would be deactivated, and that they were required to conduct facial verification,” said the police.
The recipients would then be instructed to log into their Singpass account through a web link provided in the message, which directs them to a spoofed Singpass login webpage.
Upon keying in their Singpass ID and password, victims will then be led to a Two-Factor Authorisation page where they would be prompted for their Singpass One-Time Password (OTP).
The individuals would only realise that they had been scammed when they receive alerts from Singpass informing them that their profiles had been updated.
“In some cases, the victims would receive alerts that they had signed up for bank accounts and credit cards….
