How to tell if it’s a scam: The red flags in scam messages you need to spot
Scam messages. We've all received them.
But how can you tell if they're legitimate? The editorial team at TechNews pulled up some text messages from our inboxes to highlight what's not quite right with them.
Exhibit 1: The delivery delay
Red flag #1: It says Singapore Post instead of SingPost
Scammers often try to use generic names like "info" or "msginfo" in their emails and messages. 'Singapore Post' is a little bit more generic than 'SingPost' which is used in their everyday communications – so there's some reason to be suspicious.
That said, even if 'SingPost' was used, there is no guarantee that the message is authentic.
PS: If you look carefully, 'Reminder' is also spelt as 'Remindaer'! Spelling errors are also another warning sign.
Red flag #2: It contains a link!
Also, as of Feb 28 2022, SingPost (as well as banks in Singapore) have stopped sending clickable links in their official SMSes. This one is suspicious for sure.
But even if SingPost did indeed send clickable links, the message contains a shortened URL, which has absolutely nothing to do with SingPost (www.singpost.com).
Why is that a red flag? Messages with shortened URLs claiming to address delivery issues often lead to phishing sites designed to steal your personal information.
Red flag #3: The number has a +63
For starters, +63 is the country code for the Philippines, so that should be an immediate red flag. That said, +65 (Singapore's country codes) aren't much better either; they should not be trusted, especially if it's from an unknown number.
PS: Unfortunately, scammers can also spoof a legitimate sender's number and email address, so you always have to be wary, regardless where the message is from.
Exhibit 2: The traffic fine
Red flag #4: Dodgy website link
'police-gov.com' is a big red flag; You'd expect the police to have at least 'gov.sg' in the url. At least, the official one ( www.police.gov.sg) does.
This website may also look legitimate with the logo, but scammers have been known to create good replicas of the real thing.
PS: Another way to avoid getting scammed is to wait for the official letter from the Traffic Police to see if you have indeed gotten a fine. Alternatively, you can file an e-appeal, with your appeal number; they'd be able to advise if it's legitimate or not.
Red flag #5: Unexpected payment requests
If you're transacting with the Government, you usually will have to use your Singpass to log in to the website. Always be sceptical when this doesn't happen. The fact that PayNow also isn't offered as a payment option is a red flag.
Stay alert to any unexpected requests for payments or fees, particularly if they say that payments are urgent or overdue.
Also, rest assured, the Singapore Government will give you ample time and notice to pay your fines.
Exhibit 3: The fake bank officer
Red flag #6: You're instructed to download an app
If you're asked to download an app, there's a very high chance that the app is malware designed to steal your information.
This holds particularly true if it's a third-party app not found on official app stores such as Google Play or Apple App Store.
In the past, scammers have tricked Singaporeans to download malware in the form of apps on the promise of good deals involving durians, wagyu beef, and mooncakes.
Remember – even if the app sounds like a trustable app, you need to download it via original sources. In 2023, there was a scam that made people download a fake ScamShield app outside the Google Play store.
Exhibit 4: The helpful customer service staff
Red flag #7: Requesting sensitive information
Last but not least, always remember that someone requesting your One-Time Password (OTP) or personal passwords is a major security red flag. And yes, your Singpass credentials fall into this category; since a lot of your sensitive information can be assessed using it.
Such requests are often signs of attempted fraud or hacking, as legitimate companies and services will never ask for this sensitive information via unsolicited communications. Protecting your personal data is crucial; thus, it's important to stay vigilant and cautious. Always verify the identity of the person or entity asking for such details and never share your passwords or OTPs over phone calls, emails, or messages that you did not initiate or cannot independently verify.
How can we stay safe, then?
Scams are getting increasingly sophisticated every day. And they're getting better and better at impersonating companies and the authorities.
That being said, the first line of defence you can identify a legitimate link from the Singapore Government is to look for 'gov.sg' in the URL. In the past, some government sites did not all use 'gov.sg', but this is changing.
Another way is to look out for 'go.gov.sg', 'for.sg' or 'for.edu,sg' in the url. These shortened links can only be created by public servants, healthcare and education officers respectively, so you can be assured that they are legitimate.
For a slightly more manual process, you can also check links you receive against the list of trusted websites here; if they claim to be from government or government affiliated websites.
Last but certainly not least, the best thing you can probably do is to stay informed. In the age of the internet; scammers are the new robbers and thieves. Learn about the characteristics of common scams and keep updated with the latest scam tactics in your region to avoid falling victim.
Stay alert, stay safe.
