Phishing Scams in Singapore: How Fraudsters Steal Your Credentials and Your Money

Phishing scams are among the most insidious and widespread frauds in Singapore. While many associate phishing with emails, the reality is far more sophisticated and much closer to home.

In Singapore, scammers today mimic banks, government agencies, and public service platforms through SMS, email, QR codes, and even video calls. All they need is for you to click on a link or key in your login details and they’ve got you.

 

This article explains what phishing scams are, how they operate in the Singapore context, real local cases with startling losses, and, most importantly, how you can protect yourself and how Scam.SG can help.

What Is a Phishing Scam?

A phishing scam is when a fraudster impersonates a trusted person or organisation (like a bank or government agency) to trick you into revealing sensitive personal data such as your login names, passwords, one-time passwords (OTPs), and even credit card or bank account details.

Unlike brute force attacks or malware, phishing relies on social engineering: it manipulates your trust, urgency, or fear to persuade you to give up credentials voluntarily.

In the Singapore landscape, phishing scams often take the form of:

• SMS or WhatsApp messages that appear to be from banks or Singpass

• Emails claiming issues with your account or identity

• QR codes that lead to spoofed web pages (sometimes called “quishing”)

• Phone or video calls impersonating officials

How Phishing Scams Work in Singapore