
Singpass Phishing in Singapore: How to Protect Your Digital Identity

Learn how scammers exploit Singpass and MyInfo to steal your identity. From fake login pages to fraudulent MyInfo requests, here is how to protect your Singpass account.

LOCK.PUB
2026-03-21

Singpass is the master key to your digital life in Singapore. With a single login, you access over 2,700 government and private sector services — from filing taxes with IRAS to checking your CPF balance, applying for HDB flats, and even signing legal documents digitally. More than 4.5 million Singpass users depend on it daily. That makes it one of the most valuable targets for scammers in Southeast Asia.

The Cyber Security Agency of Singapore (CSA) and the Singapore Police Force have repeatedly warned about increasingly sophisticated Singpass phishing attacks. If someone gains access to your Singpass, they can potentially access your tax records, medical information, CPF savings, and even open bank accounts in your name.

Why Singpass Is Such a High-Value Target

Singpass is not just a login — it is a comprehensive digital identity system. Through MyInfo, it shares your verified personal data (name, NRIC, address, income, employment history) with authorized services. This means compromising a Singpass account gives attackers access to far more than just one service.

The introduction of Singpass Face Verification and the Singpass app has improved security significantly, but scammers have adapted their tactics accordingly.

Common Singpass Phishing Attacks

1. Fake Singpass Login Pages

You receive an SMS or email that appears to come from a government agency — IRAS, CPF Board, HDB, MOH, or even Singpass itself. The message claims your account needs verification, your tax refund is ready, or your Singpass is about to expire. The link leads to a convincing replica of the Singpass login page.

When you enter your credentials on the fake page, the scammer captures them in real time and uses them to log into the real Singpass. Some sophisticated versions even relay your 2FA code, completing the authentication on the real site before you realize what happened.

How to protect yourself: Never click links in SMS or email that claim to be from Singpass. Always navigate to singpass.gov.sg directly by typing the URL yourself.

2. Fake MyInfo Authorization Requests

Scammers create fake websites that mimic legitimate businesses (banks, insurance companies, telcos) and include a "Login with Singpass" or "Retrieve MyInfo" button. When you click it, you are redirected to a fake Singpass authorization page that harvests your credentials.

How to protect yourself: Before authorizing any MyInfo request, verify that the website is legitimate and that you initiated the interaction. Check the URL carefully — official Singpass pages are always on singpass.gov.sg.

3. Scam Calls Claiming Singpass Compromise

You receive a phone call from someone claiming to be from the Singapore Police, CSA, or GovTech. They say your Singpass has been compromised and is being used for illegal activities. To "secure" your account, they ask you to verify your identity by logging into Singpass through a link they provide or sharing your 2FA code.

How to protect yourself: Government agencies will never call you and ask for Singpass credentials or OTP codes. Hang up and call the agency directly using the number on their official website.

4. QR Code Singpass Scams

Scammers display fake QR codes at public locations or send them via messaging apps, claiming you need to scan them to verify your identity, claim a government payout, or complete a transaction. The QR code leads to a phishing site that mimics the Singpass QR login flow.

How to protect yourself: Only scan Singpass QR codes on official government websites or in the Singpass app. Never scan a QR code sent by an unknown person.

5. Fake Job Application Singpass Requests

Scammers posing as employers ask job applicants to "verify their identity" by logging into Singpass through a provided link. This is particularly effective because job seekers are accustomed to submitting personal information during the hiring process.

How to protect yourself: Legitimate employers in Singapore do not ask for Singpass login during the application process. MyInfo data sharing should only happen on official, verified platforms.

Singpass Phishing Red Flags

| Warning Sign | What It Means |
| --- | --- |
| SMS or email with a Singpass login link | Almost certainly phishing |
| Urgent message about Singpass expiration | Singpass does not expire this way |
| Phone call asking for Singpass OTP | Government agencies never request OTPs by phone |
| Unfamiliar website with "Login with Singpass" | Likely a credential-harvesting fake |
| Job listing requiring Singpass verification via link | Scam disguised as hiring process |
| QR code claiming to be for identity verification | Possible phishing QR redirect |

Singpass Security Checklist

  1. Never click Singpass links in SMS or emails — always navigate directly to singpass.gov.sg
  2. Enable biometric login in the Singpass app for added security
  3. Review your Singpass transaction history regularly for unauthorized access
  4. Never share your Singpass password or OTP with anyone, including officials
  5. Report suspicious Singpass activity immediately at singpass.gov.sg
  6. Check the URL carefully before entering credentials — look for singpass.gov.sg
  7. Use the official Singpass app for all Singpass-related transactions
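
The URL check from items 1 and 6 of the checklist, written out as an added example (not code from the article or from Singpass). It assumes subdomains of singpass.gov.sg count as official, which the article does not state; `checkSingpassUrl` is a hypothetical name and the sample links are constructed.

```javascript
// Added example, not from the article or from Singpass.
// The only page-derived value is the official host, singpass.gov.sg.
const OFFICIAL_HOST = "singpass.gov.sg";

// Hypothetical helper: returns { ok, reason } for a link received by SMS,
// email, chat or QR code. Parsing uses the WHATWG URL class, the same
// algorithm browsers use to decide which host they will connect to.
function checkSingpassUrl(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is not https" };
  }
  // "https://singpass.gov.sg@other.example/" connects to other.example.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ is not the host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Non-ASCII look-alike letters are normalised to "xn--" (punycode) labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalised look-alike label" };
  }
  // Assumption: subdomains of the official host are also accepted.
  if (host === OFFICIAL_HOST || host.endsWith("." + OFFICIAL_HOST)) {
    return { ok: true, reason: "host is on " + OFFICIAL_HOST };
  }
  return { ok: false, reason: "host is " + host };
}

// Constructed sample links; every non-official host uses the reserved .example TLD.
const SAMPLES = [
  "https://singpass.gov.sg/",
  "https://www.singpass.gov.sg/main",
  "http://singpass.gov.sg/",
  "https://singpass.gov.sg.verify.example/login",
  "https://singpass.gov.sg@verify.example/login",
  "https://singpass-gov-sg.example/",
  "https://s\u0456ngpass.gov.sg/", // Cyrillic i in place of Latin i
];

function verdicts() {
  return SAMPLES.map((link) => ({ link, ...checkSingpassUrl(link) }));
}

console.log(verdicts());
```

Only the first two samples pass. The others show why reading the start of a link is not enough: the host the browser connects to is the last part before the first single slash, after any `@`.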

What to Do If Your Singpass Is Compromised

  1. Reset your Singpass password immediately at singpass.gov.sg
  2. Contact the Singpass Helpdesk at 6335-3533
  3. File a police report at the nearest Neighbourhood Police Centre
  4. Check for unauthorized transactions on all linked services (CPF, IRAS, banks)
  5. Monitor your credit report for unauthorized account openings

Protect Your Personal Information

When you need to share sensitive information like your NRIC number, Singpass-related details, or any personal data, never send them through iMessage or WhatsApp in plain text. Use LOCK.PUB to create a password-protected, self-destructing link. Only the intended recipient who knows the password can access the information, and it disappears after the set expiration.

The Bottom Line

Singpass is one of the most powerful digital identity systems in the world, and that power is exactly why it is a prime target for phishing attacks. The golden rule: never log into Singpass through a link sent to you — always navigate to singpass.gov.sg directly.

No government agency in Singapore will ever ask for your Singpass password or OTP over the phone. If you need to share personal details securely, use LOCK.PUB instead of plain text in messaging apps. Your Singpass is your digital identity — protect it accordingly.
