Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore

Spot signs of phishing

Be vigilant and learn to spot signs of phishing

Last updated 20 January 2025
Thumbnail for Spot Signs of Phishing - Marketing Video 1 (English)

When you learn to spot the signs of phishing, you can better protect yourself and your loved ones against phishing scams.

Phishing is a method in which cyber criminals use to fraudulently obtain your personal and financial information such as your login details, bank account numbers and credit card numbers. They often disguise themselves as a legitimate individual or reputable organisation in email, instant messaging and other communication channels. Once cyber criminals obtain your personal information, they could gain access to your online accounts, and even impersonate you to scam the people around you, such as your family, friends and business partners.

As cyber criminals come up with increasingly convincing and sophisticated methods of phishing, we must be prepared for what might come our way. To prevent yourself from becoming a victim of phishing scams, learn to spot the signs of phishing.

How to spot the signs of phishing

Here are six signs to look out for when you encounter a potential phishing scam:

  • Mismatched and misleading information
    Cyber criminals will attempt to mislead you into believing that the information you see is genuine. To ensure you do not fall for their tricks, study the information closely.

    For emails, look out for a sender’s email address that may look similar to a company’s official email address. Hover your mouse cursor over links in emails. When your mouse cursor hovers over a link, a small window will appear above the link to show you the actual URL, which is the real destination of the link. If the links are mismatched, it is a strong indicator that something ‘phishy’ is going on. If you are using a mobile device, long-press the link to display a window with the actual URL. Be careful not to tap and open the link!

    For websites, don’t be deceived by how they look. Cyber criminals can easily create phishing websites that are visually similar to legitimate websites. To distinguish the two, take note of the URL in the address bar of your web browser. Cyber criminals often use tricks such as substituting letters in a URL to mislead you into thinking that you are on a legitimate website e.g. www.paypa1.com instead of www.paypal.com.

  • Use of urgent or threatening language
    By pressuring you to reply quickly or issuing ultimatums, criminals hope to instil panic and fear to trick you into providing confidential information. Be wary of emails with phrases such as ‘urgent action required’ or ‘your account will be terminated’. If you have good reason to believe it is a scam, delete the message immediately.

  • Promises of attractive rewards
    False offers of amazing deals or unbelievable prizes are commonly used by cyber criminals to encourage you to act immediately. If you all you need to do is to click on a pop-up or complete an email survey to win a free trip to Europe, it is safe to presume that it is a phishing scam. Remember the old adage, ‘If it sounds too good to be true, it probably is’.

  • Requests for confidential information
    Most organisations will never ask for your personal information such as NRIC, login credentials and credit card details to be sent over the Internet. If the sender claims to be from your bank and requests for your bank account number, it should raise a red flag immediately. When in doubt, contact the company directly to clarify, but be sure not to use the contact information provided in the email.

  • Unexpected emails
    Cyber criminals often test their luck by sending mass emails to large groups of people, in hopes that someone responds. If you receive an email about an invoice for an item you did not purchase, do not click on the links and attachments and delete the email immediately.

  • Suspicious attachments
    Cyber criminals include attachments in their emails as a method to infect a user’s device with malware and steal their data. It may be instinctive to open attachments we receive but it is important to exercise caution. Look out for suspicious attachment names and file types. If the attachment is for something you have no recollection of or uses an uncommon file type such as .exe, trash it.

By keeping these six signs in mind and remaining vigilant at all times, you can avoid falling for phishing scams.

If you are a victim of a phishing scam, here’s what you can do:

  • Change your password immediately. If the revealed password is used on your other accounts, change those too. When creating a new password, be sure to use a different password for each of your online accounts.

  • Run a full system scan with your anti-virus software if you have clicked on a link or opened an attachment.

  • Alert your bank promptly if you have revealed your banking details or credit card credentials.

  • Keep an eye on all of your accounts for suspicious activity such as unauthorised purchases or withdrawals.

  • Lodge a police report if you incur any monetary loss.

  • Report the phishing attempt to the organisation that was misrepresented and the Singapore Computer Emergency Response Team (SingCERT) at singcert@csa.gov.sg.


Resources

For resources on spotting signs of phishing, click on the links below to download the high-resolution image files.

Posters

Be vigilant and learn to spot signs of phishing 3 red posters

English Posters for:

Poster for Seniors are also available in:

How to spot signs of phishing

Videos