Straits Times – More fake govt websites phishing for personal data
ICA – Public advisory on fake ICA website
By: Ronice Li
09 Jun 2016
How to spot a fake government website
The Infocomm Development Authority (IDA) said there is a growing number of fake government websites over the past few years. This is part of a larger upward trend in the number of phishing websites on the Internet. Phishing sites try to trick users into giving their personal or financial information, such as credit card numbers, identity card or passport numbers, or usernames and passwords, through the use of fake websites or e-mail masquerading as official sources.
What are the risks?
The risk of landing on a fake government website can be serious. Divulging personal information to dubious sources can lead to a compromise of your bank accounts, or even identity theft. The latter poses worse problems as criminal activities can be conducted in your name.
Here are 5 ways to spot a fake government website or email:
1. Emails that uses a public internet account
Take a look at the sender’s e-mail address before clicking on any link sent to you via email. Do not trust the email if it was sent via a public account as emails sent by the government will not be sent via a public account. Singapore government email addresses will end with @[agency name].gov.sg. Additionally, do not trust any email or website that asks you to “confirm” sensitive account information as it is surely a scam.
2. Incorrect URL
A tell-tale sign of a fake website is the usage of incorrect suffixes in the URL of the website. ALL government websites will end with ‘www.(agency name).gov.sg’. All Singapore government websites end with gov.sg. Only government websites are allowed to use .gov domain names. Many fake government websites will use domain names such as .org or .net. Below is an example of a fake website with a comparison of the real one.
3. Is not a secure site
Legitimate websites will use encryption to help ensure that your payment information remains safe. You can see if a site uses encryption by looking for a lock symbol in the browser window. You should also check that the address starts with “https://” rather than just “http://”. Do not enter payment information on any site that isn’t secure.
4. Grammatical errors
Watch out for poor English or grammatical errors as it could mean that the site is not genuine and was put together quickly by someone looking to make a quick profit. Before divulging any personal information, take a few moments to browse the website. Read through the ‘About Us’ or ‘Contact Us’ page and see if you see anything suspicious.
5. Low resolution images
Scammers usually put up fake sites quickly, resulting in poor quality websites. If the ministry logo or text appears to be in poor resolution, this might be an important clue that this website should not be trusted.
How to protect yourself against such phishing scams?
Avoid clicking on links in suspicious or unsolicited e-mails. Ignore suspicious call-to-action e-mails such those claiming that “your account will be terminated”. Victims who shared their passwords or usernames should change their passwords immediately and those who have given out personal information should make a police report. Practice common sense and remain vigilant at all times.
Disclaimer: Please practice discretion while encountering such situations, vigilance is key. The list above is not exhaustive and does not guarantee that you will not fall prey on an online scam.