The Police would like to alert the public to a new modus operandi where scammers would mislead victims into scanning Singpass QR codes and unknowingly authorising access to digital services. Thereafter, the scammers would misuse the access granted for fraudulent purposes.
Modus Operandi
In these cases, scammers would create fake surveys and would recruit participants through avenues like online forums and e-commerce sites. The surveys were purportedly conducted on behalf of reputable companies or organisations in Singapore. Scammers typically communicate with the victims through WhatsApp and promise them monetary rewards for their participation in the surveys.
Upon completing the surveys, the scammers would request for the victims to scan a Singpass QR code with their Singpass app, claiming it was part of the verification process to retrieve their survey results for disbursement of the monetary rewards. However, the Singpass QR code provided by the scammers was a screenshot taken from a legitimate website, and by scanning the QR code and authorising the transaction without further checks, victims unintentionally gave the perpetrators access to certain online services.
Scammers would proceed to misuse the access by registering businesses, subscribing for new mobile lines or opening new bank accounts under the victim’s name. Victims would only realise something was amiss when notified of these transactions by their telecommunications service provider or bank, or when they receive notifications in their Singpass Inbox that their personal details have been retrieved.
Use your Singpass safely
The use of the Singpass app to scan Singpass QR codes on the login pages of official Government and private sector organisations allow users to log in to digital services. The login process requires user consent and authentication through biometrics or passcode verification on the user’s personal device. Singpass will never send QR codes through SMS, messaging apps like WhatsApp and other non-official messaging platforms. While there are stringent security measures implemented by Singpass, members of the public are advised to stay vigilant and follow these security practices to protect themselves against similar online scams:
- Never scan any Singpass QR code sent to you by someone else. You should only scan the Singpass QR code on the official website of the e-service that you want to access, or tap on Singpass QR codes on the official apps of these e-services;
- Always verify with official sources on whether the information you have received is sent by the organisation and if the transaction involves authentication using the Singpass app;
- After scanning a Singpass QR code, always check the consent screen on your Singpass app to verify the legitimacy of the digital service you are accessing. Ensure that the domain URL displayed on your Singpass app matches that in the browser address bar. If otherwise, do not tap on the ‘Log In’ button on the consent screen;
- Never disclose your Singpass ID, password and Two-Factor Authentication (2FA) details to others; and
- Report any suspicious activities to the Singpass helpdesk at 6335 3533 immediately and you will be guided on steps to further secure your account.
If you have any information relating to such crimes, please call the Police Hotline at 1800-255-0000, or make a submission online at www.police.gov.sg/iwitness. If you require urgent Police assistance, please dial ‘999’.
For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Hotline at 1800-722-6688. Join the ‘Spot the Signs. Stop the Crimes’ campaign at www.scamalert.sg/fight by signing up as an advocate to receive up-to-date messages and share them with your family and friends. Together, we can help stop scams and prevent our loved ones from becoming the next victim.
Annex
SINGAPORE POLICE FORCE
22 February 2022 @ 9:45 PM