Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore

Report a phishing email

Recognise the warning signs, verify sender details, and report suspicious emails to authorities.

Last updated 20 January 2025

Phishing is a social engineering technique used by cyber criminals to fraudulently obtain sensitive information by impersonating a legitimate individual or reputable organisation in digital communication. Phishing can come in the form of emails, messages and websites.

What are phishing emails after?

The intent behind a phishing email varies and could include:

  • To trick the recipient into disclosing sensitive information, such as login ID, passwords, credit card information or personally identifiable information

  • To trick the recipient into transferring funds

  • To download malicious software on a recipient’s computer

  • To test the existence of active mailboxes

Avoid falling prey to phishing emails by doing the following:

  • Look out for spelling errors and bad grammar

  • Be wary of urgent or threatening messages

  • Always check to ensure that the sender email address corresponds with the sender name by checking for typos and/or unusual email addresses

  • Hover your mouse over the link(s) in the email to check the full website address before clicking on the link(s)

  • Scan attachments before opening or downloading them

Feeling unsure about the email which you have just received?

If you have received an email which you think might be a “phish”, send it to us!

Submit a Report

Your report will help us act quickly and prevent other people from being affected.

What do we do with your report?

SingCERT will review the information submitted. If we find anything that we believe is malicious during the review, we may work with hosting providers to:

  • Take down the email address used

  • Take down any malicious websites linked in the email

In a small number of cases, you may not be able to send in the suspicious email to us due to security configuration settings. If you encounter this problem, please send us an email (without the suspicious email attachment) at singcert@csa.gov.sg, and we will follow up with you.

What to do if you have already clicked

  • If you are using a work laptop or phone, contact your IT department and let them know.

  • Run a full anti-virus scan on your systems.

  • If you have provided your banking details, inform your bank.

  • If you have provided your password, change the passwords on all your accounts that use the same password.

  • If you have lost money, lodge a police report.

Cybercrime is a serious criminal offence in Singapore where the Police are the relevant authority to investigate such offences. You should lodge a police report at https://eservices1.police.gov.sg, if you think you may have been the victim of a cybercrime.