Report a Phishing Email

Published on 05 Jun 2020

Updated on 23 Mar 2021



Phishing is a social engineering technique used by cyber criminals to fraudulently obtain sensitive information by impersonating a legitimate individual or reputable organisation in digital communication. Phishing can come in the form of emails, messages and websites.

 

What are phishing emails after? 

The intent behind a phishing email varies and could include:

  • To trick the recipient into disclosing sensitive information, such as login ID, passwords, credit card information or personally identifiable information
  • To trick the recipient into transferring funds
  • To download malicious software on a recipient’s computer
  • To test the existence of active mailboxes

Avoid falling prey to phishing emails by doing the following:

  • Look out for spelling errors and bad grammar 
  • Be wary of urgent or threatening messages 
  • Always check to ensure that the sender email address corresponds with the sender name by checking for typos and/or unusual email addresses
  • Hover your mouse over the link(s) in the email to check the full website address before clicking on the link(s)
  • Scan attachments before opening or downloading them



Feeling unsure about the email which you have just received?

If you have received an email which you think might be a “phish”, send it to us!


Submit a Report

 

Your report will help us act quickly and prevent other people from being affected.


What do we do with your report?

SingCERT will review the information submitted. If we find anything that we believe is malicious during the review, we may work with hosting providers to:

  • Take down the email address used
  • Take down any malicious websites linked in the email

In a small number of cases, you may not be able to send in the suspicious email to us due to security configuration settings. If you encounter this problem, please send us an email (without the suspicious email attachment) at singcert@csa.gov.sg, and we will follow up with you.

What to do if you have already clicked

  • If you are using a work laptop or phone, contact your IT department and let them know.
  • Run a full anti-virus scan on your systems.
  • If you have provided your banking details, inform your bank.
  • If you have provided your password, change the passwords on all your accounts that use the same password. 
  • If you have lost money, lodge a police report.

Please note that:


Cybercrime is a serious criminal offence in Singapore where the Police are the relevant authority to investigate such offences. You should lodge a police report at  https://eservices.police.gov.sg/, if you think you may have been the victim of a cybercrime.