People in SG tricked into granting scammers Singpass access in QR code scam

Upon completing bogus surveys created by the scammers, victims would be asked to scan a Singpass QR code with their Singpass app. — Photo by Sherise VD on Unsplash

SINGAPORE: People have been duped into scanning Singpass QR codes that grant scammers login access to various digital services in a recent bout of online survey scams.

Victims were often lured with the promise of monetary rewards for taking part in a survey purportedly conducted on behalf of reputable companies or organisations.

They were recruited through online forums and e-commerce sites, and contacted by the scammers via WhatsApp, the police said on Tuesday (Feb 22).

Upon completing bogus surveys that had been created by the scammers, victims would be asked to scan a Singpass QR code with their Singpass app as part of the “verification process”.

They were told that this would retrieve their survey results so the reward could be paid out.

However, the Singpass QR code was a screenshot taken from a legitimate website, and by scanning the QR code and authorising the transactions without further checks, victims could give scammers access to online services.

Scammers exploited the access by registering businesses, subscribing for new mobile lines or opening new bank accounts in the victims’ names.

Victims would realise something was amiss only when they were notified of these transactions by their telecommunications service provider or bank, or when they received notifications in their Singpass inbox that their personal details had been retrieved.

The police warned against scanning Singpass QR codes sent by someone else, adding that Singpass will never send QR codes through non-official messaging platforms such as WhatsApp or SMS.

Information received should also be verified with official sources, and people should also check with the relevant organisations if the transaction involves authentication using the Singpass app, said the police.

Also, after scanning a Singpass QR code, people should always check the consent screen on the app to verify the legitimacy of the digital service that is being accessed. This means that the domain URL displayed in the app should match that in the browser address bar.

The police also reminded people to never disclose their Singpass ID, password and two-factor authentication details to others. – The Straits Times (Singapore)/Asia News Network

Article type: free
User access status:
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

Google opens Italy's second cloud region in Turin city
Central bank tests spur global instant payment hopes
Opinion: Can a cloud backup move my programs and data to a new PC?
Rio Tinto staff's personal data may have been hacked - memo
Australia’s Canva adds AI tools to take on Microsoft, Google
VinFast rolls out long-awaited electric SUVs, eyes overseas deliveries
People smugglers use TikTok to promote their services
Forum hosting data leaks, including from Malaysia, shut down after admin arrested
TikTok’s CEO will tell US Congress his app is safer than most
Microsoft’s GitHub to add OpenAI chat functions to coding tool

Others Also Read