Phishing Scams
Protect yourself from cybercriminals who use deceptive tactics to steal your personal information and money. Learn how to identify and avoid these increasingly sophisticated threats.
Table of Contents
Phishing scams are among the most common tactics used by online scammers to obtain sensitive information from people, such as passwords, usernames, or bank details. Phishing scams usually present themselves in the form of fraudulent emails, SMS, or phone calls, posing as messages from trusted organisations such as banks, government agencies, or trusted companies in Singapore. By appearing as real sources, cybercriminals deceive individuals into giving out personal details, risking their security and money.
How Phishing Scams Are Carried Out
Phishing fraud is one of the more prevalent internet scams in Singapore. It can occur in many different forms. It is essential to understand how each type of phishing is done so as to understand how to identify them and protect ourselves from the proliferation of phishing scams.
Email Phishing
Impostors send fake emails purportedly from well-established organisations, such as banks, government agencies (e.g., IRAS, LTA, Singapore Customs), or reputable companies like Singtel and SingPost. They will also usually threaten and trick individuals into giving out sensitive information, clicking on a link, or opening a virus-carrying attachment.
Spoofed Web Addresses & Fake Websites
Scammers design copied websites that are similar to genuine ones. The victims are typically directed to them via phishing emails, where they unknowingly enter sensitive data like passwords, one-time passwords (OTPs), or banking information. Spoofed web addresses may have slight misspellings or inserted characters to appear authentic. For example, dbss.com.sg instead of dbs.com.sg.
Smishing (SMS Phishing)
Trick SMS messages—false ones purporting to be from SingPost, banks, or e-commerce businesses—urge recipients to click on bogus links to rectify delivery issues, verify accounts, or process urgent payments. The links lead to imposter sites designed to harvest login credentials or bank account data.
Vishing (Voice Phishing)
Scammers also impersonate bank officers, government officials (e.g., from IRAS or Singapore Customs), or phone customer service representatives to obtain personal information. They may threaten lawsuits, report tax discrepancies, or offer too-good-to-be-true offers to intimidate victims into releasing their credentials.
E-commerce & Parcel Delivery Phishing
Scammers prey on online purchase behaviour by triggering spoofed acknowledgement emails or SMS from SingPost, courier companies, or websites. The alerts may request additional payment, getting victims to imitation payment pages that steal financial information.
Business Email Compromise (BEC)
Fraudsters target business firms using hacking or by impersonating company emails asking for illegal payments. They may also be posing as senior executives or vendors, instructing employees to transfer money into imitation accounts. This is a great threat for business firms handling huge amounts of money.
What to Look Out For in Phishing Scams
Verify Sender Information
- Check the sender's email address carefully for misspellings, extra characters, or suspicious domains (e.g., [email protected] instead of [email protected]).
- Be cautious of emails from free domains like @gmail.com or @yahoo.com, especially if they claim to be from banks, government agencies, or major companies.
Be Cautious of Requests for Personal Information
- Legitimate organisations will never ask for your passwords, OTPs, or banking details over email, SMS, or phone calls.
- If in doubt, contact the organisation directly using official customer service channels.
How to Protect Yourself from Phishing Scams in Singapore
01 – Be Skeptical
Approach unexpected emails, SMS messages, or phone calls with caution, especially if they claim to be from Singapore Customs, IRAS, LTA, Singtel, SingPost, or local banks. Government agencies and banks will never ask for your personal details or OTPs via email or SMS unless you are performing the transactions yourself.
02 – Verify Communications
Do not trust links, attachments, or phone numbers provided in suspicious messages. Instead, contact the organisation directly using official contact details from:
- Gov.sg websites (e.g., www.iras.gov.sg for tax matters)
- Official banking hotlines (e.g., DBS, UOB, OCBC)
- SingPost and courier websites for parcel-related queries
03 – Use Security Software
Install and update reliable antivirus and anti-phishing software such as ScamShield to protect yourself against scams like banking phishing attacks and parcel delivery scams. Activate SMS filters on your phone through the ScamShield app to block scam messages and calls.
04 – Educate Yourself
Stay updated on common scams in Singapore by following:
- Scam Alert – Singapore Police Force's scam awareness platform
- Cyber Security Agency of Singapore (CSA) – Get the latest online safety tips
- Scam.SG – Read scam-related articles to understand different scam types
How to Report a Phishing Scam in Singapore
If you encounter a phishing scam in Singapore, it is crucial to limit the damage and protect others. Learn the different ways of reporting and how to limit the extent of losses to phishing fraud.
Make a Police Report
Contact the Singapore Police Force (SPF)'s hotline at 1800-255-0000.
Contact Relevant Entities
- Singpass phishing scams: Call the Singpass hotline at +65 6335 3533
- SingPost phishing scams: Call the SingPost hotline at 1605
- Bank phishing scams: Call your bank's anti-scam hotline
- For other platforms of phishing fraud, contact the relevant entities' helpline for assistance.
If there are no losses, report it to us. Your reports will help protect others by helping them learn to identify and stay safe from future phishing scams.
Discover what to do if you gave your personal information to a phishing scamReport a Phishing Scam
If you've encountered a phishing attempt or fallen victim to a scam, report it immediately to help protect others and potentially recover your losses.
Stay Safe: Subscribe for Scam Alerts
Get the latest updates on new scam techniques and prevention tips delivered directly to your inbox.
Phishing Scams in Singapore: Your Questions Answered
Stay Informed, Stay Protected
Phishing scams are constantly evolving. The best defense is staying informed and practicing good cybersecurity habits.
Social Engineering & Trust Exploitation
Phishers exploit victims' emotions and trust by pretending to be friends, relatives, or colleagues. They will send emails or messages stating that they are in a crisis situation and request money or confidential data urgently.