If you receive a suspicious-sounding e-mail telling you to verify your details for your SingPass account by clicking on a link, don’t do so and delete the message.
That’s the advice from the Infocomm Development Authority (IDA), which said yesterday that such scam e-mails have been received by some SingPass users. They are not sent by SingPass, it cautioned.
The messages are titled “SingPass account security info verification” from “SingPass Government [firstname.lastname@example.org]”
Asking users to verify their e-mail addresses because their account has been suspected, they appear to be aimed at “phishing” for unsuspecting users, said the infocomm regulator.
Such ruses usually lead users to a website that can inject malicious software code into their PCs, giving access to hackers to steal information.
The IDA’s advisory comes amid efforts to tighten the security of e-services in Singapore.
After some 1,500 SingPass accounts were compromised last year, the government set about putting up long overdue controls on access to sensitive information such as tax information and retirement account balances.
Access to such services will likely require users to log in with not just a password but also a pin from a separate token.
This two-factor authentication has been used in banking for several years in Singapore, but has only now been adopted in some of the 340 services that SingPass offers access to.
For more tips on security from the SingPass folks, click here.