Public Advisory on Phishing Scams

In view of the rise in phishing scams, SFA would like to advise users to be vigilant and exercise caution when reviewing online communications or content. Users who come across websites, forms, and emails purportedly from SFA are advised to check the URL domain to ensure that it ends with “.gov.sg”. If in doubt, please contact SFA directly to clarify. 

Users can also protect themselves by taking note of the following six signs when conducting activities online:

• Mismatched and misleading information

  Cyber criminals attempt to mislead users into believing that the information they see is genuine. For example, while the sender’s displayed email address may look like an official one, the actual URL, which is the real destination of the link, could be different. To check the actual URL, hover your mouse cursor over the link, where a small window will appear displaying the actual URL (long-press the link on mobile devices to display the window with the actual URL).

• Use of urgent or threatening language

  Criminals hope to instill panic and fear to trick users into providing confidential information by pressuring them to reply quickly or issuing ultimatums. Such language can include “urgent action required’ or “your account will be terminated’. If you have good reason to believe it is a scam, delete the message immediately.

• Promises of attractive rewards

  False offers of amazing deals or incredible prizes are commonly used by cyber criminals to encourage users to act immediately. If the offers sounds too good to be true, do not respond to it.

• Requests for confidential information

  Most organisations will never ask for personal information such as NRIC, login credentials and credit card details to be sent over the internet. If you receive such a request, contact the organisation directly to clarify.

• Unexpected emails

  Cyber criminals often send mass emails to large groups of people hoping that someone responds. For example, if you receive an email about an invoice for an item you did not purchase, do not click on the links and attachments and delete the email immediately.

• Suspicious attachments

  Cyber criminals include attachments in their emails as a method to infect a user’s device with malware and steal their data. Look out for suspicious attachment names and file types. If the attachment is for something you have no recollection of or uses an uncommon file type such as .exe, trash it.  

  

  For more cybersecurity tips, please visit the GoSafeOnline website.

  Source: GoSafeOnline