Phishing Scams

Phishing Scams

Phishing Scams

Phising scams

Phishing scams involve emails, messages, calls, or advertisements by scammers posing as government officials, financial institutions or businesses. Victims would be tricked into revealing sensitive information such as usernames, passwords, banking credentials and/or debit or credit card information by clicking malicious links or via phone calls. Upon acquiring the victims ’information, scammers would perform unauthorised transactions on the victims’ bank accounts or debit/credit cards.

At least S$14.2 million lost to scammers

Annual Scams and Cybercrime Brief 2023

Common signs of phishing are:

  • Clickable links from unsolicited/Random emails, messages, images, or advertisements.

  • Spoofed website addresses (E.g., www.m1cr0soft.1234.com.co)

  • Unsecured website pages (E.g., websites without lock icon and https:// in the address bar) ​

  • Requests for your One-Time passwords (OTPs), personal or banking details. ​

  • Prompts you to download attachments or third-party apps outside official app stores.

For bank phishing

Victims will receive SMS alerts about potential unauthorised access to their bank accounts, prompting them to click on embedded URLs to verify their identity and stop the transactions.

For e-commerce/parcel delivery phishing

Messages or emails are designed to look like they were sent by postage and e-commerce logistics companies such as Singapore Post (SingPost) and contains phishing link.

For IRAS phishing

IRAS does not process tax refunds to credit/debit cards. IRAS will never send any confidential tax information and tax documents such as tax returns, notices of assessment, tax refund letters via emails.

Examples of Phishing scams

How to stay safe

ADD:

  • Add and use only official banking apps downloaded from official app stores (Google Play Store or Apple App Store) to make transfers or payments. ​

  • Add ScamShield app and set security features such as 2FA for banking apps, social media and Singpass accounts. Set transaction limits on internet banking transactions, including PayNow and PayLah.

CHECK:

  • That you do not use clickable links or QR codes provided by unknown persons to make payments/transfers, as these lead to fake bank websites that phish for your banking credentials. ​

  • Never disclose your personal information, internet banking and social media account details, and one-time passwords (OTPs) to anyone.​

  • Always verify the authenticity of unsolicited clickable links you receive and check the webpage addresses for discrepancies.

TELL:

  • Warn your friends and family about your scam encounter.​

  • Call your bank immediately and make a police report if you think you have fallen victim.

For bank phishing

  • Banks will never send you any clickable links via SMS.

  • Legitimate SMSes from banks will reflect their officially registered SMS Sender ID.

For e-commerce/parcel delivery phishing

  • Verify the authenticity of the information with company or e-commerce platform directly. ​

  • Use only official banking apps downloaded from official app stores (Google Play Store or Apple App Store) to make transfers or payments. ​

  • Set transaction limits on internet banking transactions, including PayNow and PayLah.

For IRAS phishing

  • Receive refunds securely: Any tax refunds are automatically credited into taxpayers’ bank account registered with IRAS or via PayNow (NRIC/FIN/UEN) accounts. Taxpayers can check for updates on any refund in IRAS’ myTax Portal. For further details, please visit IRAS’ website at https://www.iras.gov.sg/quick-links/refunds.

  • Pay securely: GIRO is the preferred payment mode. For payments to IRAS made via internet banking, ATM bill payment and AXS mobile, select “IRAS” from the list of payees. Taxpayers can also pay using PayNow QR on myTax Portal. Learn about payment modes for different tax types to IRAS. IRAS will not ask taxpayers to pay taxes through third parties or intermediaries’ bank account. For tax matters, transact securely on myTax Portal ( mytax.iras.gov.sg): It is a secured and personalised portal for taxpayers to view and manage tax transactions with IRAS. SingPass authentication is also required before any transactions can be performed.

  • Correspond with us on myTax Mail: Use myTax Mail to correspond with IRAS. IRAS will notify taxpayers via SMS when we have replied. For added security, we will respond to taxpayers via myTax Mail if their query contains confidential information.

Emailing IRAS:

  • Always check before clicking on any links in the email that give you instructions to follow some steps to receive the tax refunds. Do not give away your online banking details (username, password or One-Time-Password) or credit card/debit card details.

  • Always check the email address even though the sender ID shows ‘IRAS’. Sender ID can be spoofed to make the email looks legitimate. A legitimate email address from IRAS ends with @iras.gov.sg".

  • IRAS will not send emails on tax refund amount or contain confidential documents : IRAS does not send out confidential documents such as tax return forms, notices of assessment, refund letters or other tax statements through unsecured emails. Confidential documents are deposited and can be retrieved from myTax Portal (mytax.iras.gov.sg).

Learn more about phishing scams

Asked to pay extra delivery fees to ship your parcel? It could be a scam

Received an unsolicited link? Here’s how to check if it’s legitimate

Received an offer for your listed item? Beware of clickable links from buyers

Encountered this scam? Report it!

If you have transferred money to a scammer, please visit this page for a list of immediate actions: I've Been Scammed!

Help keep the community safe by reporting any instances of this scam you’ve seen or experienced with the ScamShield App.

PREVIOUS

Fake Friend Call Scams