The Police would like to alert members of the public to a surge in phishing scams involving usage of online messaging and OneMotoring or the Land Transport Authority (LTA). LTA phishing scams have decreased significantly after SMS Sender ID Registry (“SSIR”) registration was put in place on 31 January 2023 that automatically tagged all non-registered SMS Sender IDs as “Likely scam”. The criminals have pivoted to other means of executing this scam. Since 1 December 2024, at least 17 LTA phishing cases were reported, with total losses amounting to at least $ 33,000.
In this variant, victims would receive a text message on their online messaging apps purportedly from OneMotoring or LTA alleging that the victim had unpaid bills. The messages will often state that there was a time limit for the payment, creating a false sense of urgency. The messages would contain a malicious embedded link. When the victim clicks on the link, the victim would be directed to a phishing website where they were prompted to enter their credit or debit card details, personal information, or other sensitive information. Victims would only realise that they had been scammed when they discovered unauthorised transactions made on their debit or credit cards.
The Police have observed that more than half of these cases involved messages sent through online messaging platforms (e.g. Apple’s iMessage or Android Rich Communication Services (“RCS”)). Scammers have been abusing these online messaging platforms to deliver phishing messages. The scammer’s message will appear next to legitimate SMSes in the victim’s mobile devices. While safeguards such as the SSIR have been implemented to protect the public from spoofed SMSes the public must not lower their guard, as SSIR protection does not extend to online messaging applications. Members of the public must be vigilant against messages from unknown contacts appearing beside your SMSes in the same channel. Please see examples of these spoof messages sent out via iMessage and RCS:
Please see Annex for further details on how to distinguish an iMessage and RCS from a SMS.
Members of the public should stay alert when they receive messages from unknown contacts through a group chat on such messaging applications, even if they appear alongside legitimate SMSes in the same channel. Group chats can be renamed to mimic legitimate Sender IDs used in SMSes that mobile device will automatically queue with your previous legitimate chats. Scammer exploit this flaw to impersonate legitimate entities such as OneMotoring or LTA that are registered with SSIR.
The Police would like to advise members of the public to adopt the following precautionary measures to avoid falling for scams:
- ADD – Add the ScamShield app and set security features (e.g. set up transaction limits for internet banking transactions, enable Two-Factor Authentication (2FA), Multifactor Authentication for banks and e-wallets, use the Money Lock feature of your bank to “lock up” a portion of your money so that it cannot be transferred out digitally by anyone, further protecting your savings from scams). For iMessage, turn on the setting to filter out messages from unknown senders or turn off the iMessage if you do not expect messages from this channel. Report phishing messages from iMessage to Apple and for Android RCS to Google. Refrain from responding to unknown numbers on online messaging applications until the sender’s identity can be verified.
- CHECK – Check for scam signs with official sources (e.g. call the ScamShield helpline (1799) or visit www.scamshield.gov.sg), or with someone you trust. Look out for tell-tale signs of a phishing website. If in doubt, always verify the authenticity of information provided with the company directly.
Do not click on dubious URL links provided by anyone you do not know or have not met in person before. Take note of the URL in the address bar of your web browser. Check for the actual URL link of a hyperlink before clicking on it. Hover your mouse cursor over links in emails to see the actual URL. If using a mobile device, long-press the link to display a window with the actual URL.
Beware if you are invited or added into iMessage and RCS group chats by unknown senders. A group chat can be identified by looking for the prompt indicating that you have been added to a group chat, as well as other key design features distinguishing them from other message types. Please see Annex for further details on such design features
- TELL – Tell the authorities, family, and friends about scams. Report any fraudulent transactions to your bank immediately.
If you have any information relating to such crimes or are in doubt, please call the Police Hotline at 1800-255-0000, or submit a report online at www.police.gov.sg/i-witness. All information will be kept strictly confidential. If you require urgent Police assistance, please dial ‘999’.
For more information on scams, members of the public can visit www.scamshield.gov.sg or call the ScamShield Helpline at 1799. Fighting scams is a community effort. Together, we can ACT Against Scams to safeguard our community!
Annex
(Note: Some elements have been redacted for privacy)
How to differentiate between SMS and RCS messages on Google Message
How to differentiate between SMS and RCS messages on iMessage
SINGAPORE POLICE FORCE
19 December 2024 @ 7:25 PM