[UPDATED] Technical Support Scams - Scammers impersonating as CSA officers

SingCERT has received reports of cases where members of the public were contacted by call scammers claiming to be investigating a cybersecurity or cybercrime issue. The victims were led to believe that they were talking to a staff from a government agency that deals with cybersecurity, such as the Cyber Security Agency of Singapore (CSA). The scammers may also send emails from spoofed email accounts such as investigation[@]csa[.]gov[.]sg. The email typically contains fictitious CSA investigating officer names such as "Mike Wilson" or "Ron Watson" with fictitious badge IDs such as "8981".

In recent cases, perpetrators of tech support scams informed victims that they were investigating a case of cybercrime that was registered by victim's internet service provider. Victims were deceived into believing that their identity was misused for suspicious bank activities such as several fake bank accounts and money laundering with foreign IP addresses and locations. The victims were then told to comply with the fictitious CSA investigating officer to prove their innocence, and asked to install remote desktop access software applications such as AnyDesk, TeamViewer or UltraViewer on their computers. The scammers would then use these software applications to access the victims’ computers remotely, and “request” the victims to log into their Internet banking accounts and transfer money to them.

In other cases, scammers explained to the victims that they were investigating suspicious activities in the victims’ network or computer.

CSA would like to remind the public that government agencies will never request access to your Internet banking accounts or ask for transfers of money over the phone. Members of the public who fell for such tech support scams should immediately:

• Uninstall the applications that you were asked to install by the scammers
• Turn off your computer to halt any activities
• Report the incident to your bank to halt further activities on your bank accounts
• Change the credentials to your online bank accounts and remove any unauthorised payees added
• Report the matter to the police

Meanwhile, members of the public are advised to adopt the following preventive measures:

• Beware of any unsolicited calls and emails from persons claiming to be a staff from a government agency
• Ignore the calls and do not disclose any personal or financial details over the phone
• Do not panic and do not follow any instructions to install any applications or to type commands into your computer, as well as to log into your Internet banking accounts
• Always be wary of suspicious emails and verify before following any links or downloading any attachments, especially if the email comes from an unfamiliar sender
• When unsure, always refer to official sources for information and verification

If you are unsure of any calls and emails claiming to be from CSA, you may report the incident to SingCERT at https://go.gov.sg/singcert-incident-reporting-form. If you wish to provide any information related to such scams, or if you have followed through to make payment, please call the Police hotline at 1800-2550-000 or submit it online at https://www.police.gov.sg/iwitness.

For more information on other variants of technical support scam, please refer to the joint advisory issued by CSA and SPF here.