Beware of bogus e-mail on SingPass, says IDA
The Infocomm Development Authority (IDA) has put up a security advisory online, warning unsuspecting SingPass users not to fall prey to a phishing e-mail message which has apparently been making the rounds.
Phishing is the use of fake e-mail messages by hackers to get users to divulge sensitive personal information such as their user identities and passwords.
On its Facebook page, IDA said yesterday: "Some SingPass users have received an e-mail titled 'SingPass account security info verification' from 'SingPass Government' informing recipients that their SingPass PINs have been suspended and to click on a link to confirm their e-mail address."
IDA continued: "Please note that this is a phishing e-mail, which is NOT sent by SingPass.
"Should you receive this e-mail, do not click on the link, delete it and contact SingPass at firstname.lastname@example.org."
SingPass grants Singapore residents access to 340 e-government services. It is due to be revamped next month to enhance security, after more than 1,500 SingPass accounts were breached a year ago.
Three of the accounts breached were used to make fraudulent applications for work passes.
The Singapore Computer Emergency Response Team (SingCert) said that clicking on links in dubious e-mail messages may lead users to fraudulent websites.
It also advised users not to enter their credentials on these websites.
"For government e-services that require you to log in via SingPass, always do so directly from the government agency's website so as to avoid being a victim of phishing," said SingCert in its online advisory.
The first government agencies to use the new SingPass will include the Central Provident Fund Board and Inland Revenue Authority of Singapore.
Users checking their accounts on the websites of the two agencies will have the option of using a one-time password (OTP) to better secure their transactions.
It is hoped that the OTP - generated randomly on a calculator-like token or delivered by SMS - will make SingPass accounts harder to hack into.
As another layer of authentication, the OTP is entered in addition to the usual SingPass and user name, which is the user's NRIC number.