People in SG tricked into granting scammers Singpass access in QR code scam

Upon completing bogus surveys created by the scammers, victims would be asked to scan a Singpass QR code with their Singpass app. — Photo by Sherise VD on Unsplash

SINGAPORE: People have been duped into scanning Singpass QR codes that grant scammers login access to various digital services in a recent bout of online survey scams.

Victims were often lured with the promise of monetary rewards for taking part in a survey purportedly conducted on behalf of reputable companies or organisations.

They were recruited through online forums and e-commerce sites, and contacted by the scammers via WhatsApp, the police said on Tuesday (Feb 22).

Upon completing bogus surveys that had been created by the scammers, victims would be asked to scan a Singpass QR code with their Singpass app as part of the “verification process”.

They were told that this would retrieve their survey results so the reward could be paid out.

However, the Singpass QR code was a screenshot taken from a legitimate website, and by scanning the QR code and authorising the transactions without further checks, victims could give scammers access to online services.

Scammers exploited the access by registering businesses, subscribing for new mobile lines or opening new bank accounts in the victims’ names.

Victims would realise something was amiss only when they were notified of these transactions by their telecommunications service provider or bank, or when they received notifications in their Singpass inbox that their personal details had been retrieved.

The police warned against scanning Singpass QR codes sent by someone else, adding that Singpass will never send QR codes through non-official messaging platforms such as WhatsApp or SMS.

Information received should also be verified with official sources, and people should also check with the relevant organisations if the transaction involves authentication using the Singpass app, said the police.

Also, after scanning a Singpass QR code, people should always check the consent screen on the app to verify the legitimacy of the digital service that is being accessed. This means that the domain URL displayed in the app should match that in the browser address bar.

The police also reminded people to never disclose their Singpass ID, password and two-factor authentication details to others. – The Straits Times (Singapore)/Asia News Network

Article type: free
User access status:
Join our Telegram channel to get our Evening Alerts and breaking news highlights

Next In Tech News

Russian parliament approves tax break for issuers of digital assets
G7 to tackle cyber threats and disinformation from Russia: communique
Swiss top court upholds ban on foreign online betting operators
Indonesia will use Covid tracking app to sell cheap cooking oil
Siemens to invest in Volkswagen's N.American charging network
Uber agrees to Australia minimum pay body after similar moves in Britain, Canada
Instagram and Facebook remove posts offering abortion pills
Russian industry faces code crisis as critical software pulled
Russia fines United Parcel Service over data storage - TASS
Russia fines foreign firms for alleged data storage violations

Others Also Read