SingCERT has received information of a potential phishing campaign targeting six countries, including Singapore. The phishing theme will focus on government support to businesses and individuals amidst the COVID-19 pandemic.
The report claimed that the campaign is set to launch in Singapore on 21 June 2020. Based on the report, phishing emails would be sent from a spoofed email account from the Ministry of Manpower, to businesses, to offer additional support of $750 for their employees.
Although the report suggests that the phishing campaign in Singapore would spoof the Ministry of Manpower and is targeted at businesses using COVID-themed lures, there are always ongoing phishing attempts by various cyber criminals who use different themes or lures, and spoof different entities. This is because phishing remains a common and effective technique by cyber criminals to gain access to individuals' accounts, deliver malware to victims, or trick victims into revealing sensitive information including account credentials, bank account numbers and credit card numbers.
Businesses and individuals should always be vigilant. If you receive a suspicious or unsolicited email that requests for sensitive information or require financial payments, you may wish to check with the sender via an alternative medium to verify the authenticity of the email before following up on the request. Avoid clicking on links or opening attachments found in emails or text messages from unknown or untrusted senders. Even if the email or text message appears to come from a known or familiar sender, double-check the details to verify the authenticity. Government websites will only use .gov.sg links, except for some websites which the public are already familiar with (e.g. skillsfuture.sg, onemotoring.com.sg, ns.sg). Any Government link shorteners will only be on a go.gov.sg link URL. When unsure, always refer to official sources for information and verification.
For more information on ways to spot signs of phishing, please visit https://www.csa.gov.sg/gosafeonline/go-safe-for-me/homeinternetusers/spot-signs-of-phishing
If you think you may have received a phishing email, you can report the email to us at https://www.csa.gov.sg/singcert/resources/report-a-phishing-email