Nigerian princes and WeChat hookers aren’t the only online scam artists Singaporeans should beware of.
Phishing sites set up to impersonate government and banking websites pop up all the time now, and if you’re not careful you could find your IC number / banking details / login details stolen by these sites.
And if you think that’s not serious, imagine the possibility of someone logging into your ibanking account and stealing your money, buying things using your credit card or banking details or using your IC number to do dodgy things.
Given that most of our life is now online (some of us don’t even remember what an actual tree or person looks like anymore), there are multiple chances to fall prey to phishing sites, whether you’re transferring money to a blogshop seller or applying for a visa online.
The latest recorded phishing site tried to pass itself off as the Immigration and Checkpoints Authority of Singapore. Check out how similar it looked to the real thing here. Sure, they made some boo-boos, like spelling “Singapore” as “Singapure”, but nobody reads all that text anyway.
Before you log into a government website and get your IC number and SingPass stolen, check for these three things.
Make sure the site has a gov.sg URL
The Singapore government owns the www.gov.sg domain. That means in order to to get a URL ending with gov.sg, phishers would need to hack into the government’s servers and create a site there.
Obviously, that’s a lot harder and riskier than just buying domain space somewhere else and then trying to create a URL that will trick people who don’t bother to read properly or just don’t use the internet that much.
You might think ica.spg.org (the URL used by the ICA website phishers) sounds like a Sammyboy for SPGs, but would the drink stall auntie or your own grandparents realise it? Probaby not.
Also note that while the URLs cpf.gov.sg or mom.gov.sg are legit, cpfboardgovsg.org, singaporegovsg.com or yourmothergovsg.com are not. If you don’t know why, find out.
Retrieve details about the organisation and contact information included on the site
Any government website contains a contact details page with phone numbers, email addresses and a physical address.
Obviously, phishers do not have a legit address and certainly do not want you calling their phone number. Some phishing sites simply omit contact details altogether, since the typical Singaporean logging in using their SingPass details is not going to click on anything other than the Login button.
Most government sites also have an “About Us” page or similar, to reduce the number of people flooding through the doors of the wrong stat board.
This means that these are usually the first few pages you want to check for if you doubt a site’s authenticity. If they’re missing or look dodgy, you could have an imposter on your hands.
If there is a contact number, call it
Phishers may have questionable spelling skills, but they’re not completely dumb. Some do realise that not including contact details looks fishy, and might include a fake number just to throw you off.
Call up the number to see who’s on the other end of the line and you should find out pretty quickly if the so-called government agency is fake.
Obviously, it goes without saying that if you ask “Hi, is this ICA?”, they’re not going to reply “No, gotcha!”
Ask more detailed questions inquiring about the process you’re trying to undertake on the site, or questions only legit representatives would be able to answer. For instance, if you’re about to top up your CPF account, ask them how to do this and see what they say and if it jives with what you’ve done before.
Just because they don’t immediately slam down the phone doesn’t mean they’re not legit, by the way. A garang phisher might even try to fake his way through. But we’re sure you’re smarter than them.
Have you ever come across a phishing site? Share your experiences in the comments!