Phishing websites

MOM warns of fake website phishing for personal information
Publish by Channel News Asia on 16 Jun 2020 09:17PM

How to identify fake “MOM” websites or phishing eServices
The official MOM website is at https://www.mom.gov.sg. This is where we make available MOM-related information and eServices that enable you to perform your transactions with us safely and securely.

Listed some examples of fake websites that it has found:
http://eponline-sg.com
http://www.mom-sg.org
http://mom-gov.com
http://ministryofmanpower.net
http://wponlinemomgov.sg.com
These looked very similar to our official URL, but do not have ‘.mom.gov.sg’.
Some may even try to embed ‘.mom.gov.sg’ into their URLs but their domain name won’t end with ‘.mom.gov.sg’,”.

Some browser also shows warning signs before access.

How to report fake “MOM” websites, phone scams or email scams
Call the anti-scam helpline at 1800 722 6688 if you notice:
Any websites that you suspect to be fake versions of the official MOM website.
Any calls or emails that you suspect to be scams.

NTUC Fake Instagram
Publish by NTUC on 22 Apr 2020

NTUC real official Instagram handle is @ntucsingapore
Fake NTUC Instagram account is @__ntucsingapore claiming to be from NTUC Singapore and soliciting information for NTUC’s COVID-19 support.

DBS Phishing website

Always access DBS services through DBS official website https://www.dbs.com/.
Avoid clicking on links in unsolicited emails and SMSs.
Sample Websites are below:
https://gronvangenx.gq/secure/banking.dbs.com.sg-IB/posb/index[.]html
https://virutallin[.]gq/secure/update/verification/posb/index[.]html
http://merkez.cf/secure/update/verification/posb/

Go directly to DBS website at https://www.dbs.com/security to view the latest alerts.
Call DBS immediately at the hotlines below if you suspect you’re a victim of fraud or notice any unexpected banking or card transactions.
Singapore: 1800-339-6963 or 6339-6963
China: 400-820-8988
Hong Kong: 2290 8888
India: 1-860-210-3456
Indonesia: 0804 1500 327
Taiwan: (02) 6612 9889 / 0800 808 889

Fake govt websites phishing for personal data
Published by Straits Times on APR 24, 2016, 5:00 AM SGT

How to spot a fake government website
The Infocomm Development Authority (IDA) said there is a growing number of fake government websites over the past few years. This is part of a larger upward trend in the number of phishing websites on the Internet. Phishing sites try to trick users into giving their personal or financial information, such as credit card numbers, identity card or passport numbers, or usernames and passwords, through the use of fake websites or e-mail masquerading as official sources.
What are the risks?
The risk of landing on a fake government website can be serious. Divulging personal information to dubious sources can lead to a compromise of your bank accounts, or even identity theft. The latter poses worse problems as criminal activities can be conducted in your name.

Here are 5 ways to spot a fake government website or email:

  1. Emails that uses a public internet account
    Take a look at the sender’s e-mail address before clicking on any link sent to you via email. Do not trust the email if it was sent via a public account as emails sent by the government will not be sent via a public account. Singapore government email addresses will end with @[agency name].gov.sg. Additionally, do not trust any email or website that asks you to “confirm” sensitive account information as it is surely a scam.
  2. Incorrect URL
    A tell-tale sign of a fake website is the usage of incorrect suffixes in the URL of the website. ALL government websites will end with ‘www.(agency name).gov.sg’. All Singapore government websites end with gov.sg. Only government websites are allowed to use .gov domain names. Many fake government websites will use domain names such as .org or .net. Below is an example of a fake website with a comparison of the real one.
  3. Is not a secure site
    Legitimate websites will use encryption to help ensure that your payment information remains safe. You can see if a site uses encryption by looking for a lock symbol in the browser window. You should also check that the address starts with “https://” rather than just “http://”. Do not enter payment information on any site that isn’t secure.
  4. Grammatical errors
    Watch out for poor English or grammatical errors as it could mean that the site is not genuine and was put together quickly by someone looking to make a quick profit. Before divulging any personal information, take a few moments to browse the website. Read through the ‘About Us’ or ‘Contact Us’ page and see if you see anything suspicious.
  5. Low resolution images
    Scammers usually put up fake sites quickly, resulting in poor quality websites. If the ministry logo or text appears to be in poor resolution, this might be an important clue that this website should not be trusted.

How to protect yourself against such phishing scams?
Avoid clicking on links in suspicious or unsolicited e-mails. Ignore suspicious call-to-action e-mails such those claiming that “your account will be terminated”. Victims who shared their passwords or usernames should change their passwords immediately and those who have given out personal information should make a police report. Practice common sense and remain vigilant at all times.
Disclaimer: Please practice discretion while encountering such situations, vigilance is key. The list above is not exhaustive and does not guarantee that you will not fall prey on an online scam.

Scam Tips

Home