New scam tricks people into scanning Singpass QR codes, police warn
People are invited to do surveys for monetary rewards and asked to scan the codes for verification in order to receive them.
The Singapore Police Force warned that the public should be cautious of a new scam that tricks people into scanning Singpass QR codes and gives scammers access to their digital services from that.
The scammers typically recruit participants for fake surveys through avenues such as online forums and e-commerce sites, the SPF said in a media advisory on Feb 22. Victims are promised monetary rewards for their participation in the surveys.
Upon completing a survey, the scammers tell victims they are required to scan a QR code for verification, in order to receive their monetary rewards.
“However, the Singpass QR code provided by the scammers was a screenshot taken from a legitimate website, and by scanning the QR code and authorising the transaction without further checks, victims unintentionally gave the perpetrators access to certain online services,” SPF added.
Scammers have proceeded to abuse the access given by the victim by conducting fraudulent actions such as opening new bank accounts, subscribing for new mobile lines and registering new businesses.
“Victims would only realise something was amiss when notified of these transactions by their telecommunications service provider or bank, or when they receive notifications in their Singpass Inbox that their personal details have been retrieved,” SPF said.
SPF urged the public to use their Singpass safely by only scanning QR codes within the official website or app, and to never scan codes sent to them by someone else. They added that Singpass will never send QR codes through SMS, Whatsapp or other messaging apps.
In addition, the police advised the public to remain vigilant and always verify with official sources on whether information they received is sent by the organisation and if the Singpass app is required for authentication.
Members of the public should always check the consent screen on the Singpass app or website to verify that the digital service they are accessing is legitimate. They should also ensure that the domain URL displayed on Singpass matches the one in the browser address bar.
In addition, the Singpass ID, password and Two-Factor Authentication (2FA) details should never be revealed to others.
The police advise that any suspicious activity be reported to the Singpass helpdesk at 6335 3533 immediately. More information on scams can be found at www.scamalert.sg or at the Anti-Scam Hotline at 1800-722-6688.