Beware of SingPass phishing e-mail: IDA

The authorities have put up a security advisory online warning SingPass users not to fall prey to a phishing e-mail, which has apparently been making its rounds.

Phishing is a fraudulent process used by hackers to get users to divulge sensitive personal information such as their user identities and passwords.

On its Facebook page, the Infocomm Development Authority posted yesterday: "Some SingPass users have received an e-mail titled 'SingPass account security info verification' from 'SingPass Government' informing recipients that their SingPass PINs have been suspended and to click on a link to confirm their e-mail address.

"Please note that this is a phishing e-mail which is NOT sent by SingPass. Should you receive this e-mail, do not click on the link, simply delete it and contact SingPass at singpass-helpdesk"

SingPass grants Singapore residents access to 340 e-government services, and is due to be revamped next month to enhance security after more than 1,500 SingPass accounts were breached a year ago, of which three were used to make fraudulent applications for work passes.

The Singapore Computer Emergency Response Team (SingCert) said clicking on links contained in dubious e-mails may lead users to fraudulent websites.

"For government e-services that require you to log in via SingPass, always do so directly from the government agency's website so as to avoid being a victim of phishing," said SingCert in its online advisory.

The first government agencies that will use the new SingPass after its revamp include the Central Provident Fund Board and Inland Revenue Authority of Singapore. Users checking their accounts on the websites of the two agencies will have the option of using a one-time password (OTP), in addition to the usual SingPass and user name, to better secure their transactions.

It is hoped that the OTP - generated randomly on a calculator-like token or delivered by SMS - will make SingPass accounts harder to hack into. The added layer of security is known as two-factor authentication.

This article was first published on June 26, 2015.
Get a copy of The Straits Times or go to for more stories.