Scam website masquerades as govt support scheme portal
The police are investigating a scam website masquerading as a government portal that shows Singaporeans the various support schemes they are entitled to.
The phishing campaign was detected by cyber-security firm Group-IB, which released a statement on Dec 13 about how the scam works.
Victims were sent a link through SMS directing them to a bogus version of the SupportGoWhere website, where they were told to input their personal information and credit card details for verification purposes.
They were then required to provide their bank’s two-factor authentication code to claim the purported subsidies.
Group-IB said the phishing campaign began in mid-December and is associated with 20 other fraudulent sites, with another 612 dormant sites believed to be linked to the same perpetrators.
Further analysis of the phishing site showed that the same framework was being used in other scams, including some that ask victims to to pay parking fines or require them to fill in personal details to resolve failed deliveries.
“By impersonating trusted entities like government initiatives, these attackers are preying on public goodwill and urgency,” said Mr Vladimir Kalugin, operational director of Group-IB’s Unified Products.
He added: “It is crucial for individuals to remain vigilant and cautious when receiving unsolicited messages, particularly those requesting personal or financial details.”
The police confirmed that a police report has been lodged.
In response to queries, a Government Technology Agency spokesperson on Dec 23 said the agency is aware of the findings by the cyber-security firm and takes the issue of malicious websites seriously.
The spokesperson added that initiatives like ScamShield and the Scam Analysis and Tactical Intervention System have allowed the disruption of hundreds of malicious websites on a daily basis. However, with the proliferation of such scam websites, some may slip through the cracks, requiring vigilance from the public.
To that end, the spokesperson said people should avoid scanning or clicking on unknown QR codes and links that come from unknown senders.
SMS messages from government agencies should originate from the gov.sg sender ID. Exceptions to this can be found on sms.gov.sg/exceptions
People should also ensure that links to government websites end in “.gov.sg” before clicking on them or providing any personal information, and any suspicious messages or phishing attempts should be reported through ScamShield or other appropriate channels.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now