CPF login may require Singpass face verification to protect vulnerable members from malware scams
Some Central Provident Fund (CPF) members may be required to use Singpass face verification when logging into their accounts.
This comes as the authorities said victims lost about $8 million in more than 700 malware-related scams that were reported between January and June.
In ongoing investigations, they have found that at least eight of these scams involved CPF savings, with losses amounting to $124,000, said the CPF Board, Government Technology Agency (GovTech) and police in a joint statement on Thursday.
As a precaution, CPF Board and GovTech said they have introduced Singpass face verification during login to vulnerable members who access CPF e-services.
This additional security feature applies to suspicious or higher-risk logins. For example, Android users and those aged 55 and above may be prompted to log in with the feature to combat the latest scam tactics.
“While this may make it less convenient for members to access CPF online services, we seek CPF members’ understanding that it might be better to be safe than sorry,” said the statement.
CPF members can contact the Singpass helpdesk on 6335-3533 between 9am and 6pm, go to www.go.gov.sg/singpass-faq or visit any Singpass counter located islandwide for more information about face verification.
The agencies explained that in malware scams, the victim clicks on advertisements on social media where an item is sold cheaply and receives a link to download an installation file to an Android application from a third-party app store to buy the item.
A malware is installed on the Android phone when the file is downloaded.
The scammer then calls or texts the victim and instructs him to turn on accessibility services on the phone, which weakens the device’s security and allows the scammer to take control of it. For example, the scammer can record every keystroke and steal banking credentials.
The scammer is then able to log in remotely to the victim’s banking apps, add money mules as payees, raise payment limits and transfer money out. To cover his tracks, the scammer can even delete SMS and e-mail notifications of bank transfers made.
The scammer may also log in to the victim’s CPF account through Singpass to withdraw money.
The CPF withdrawal, which is paid to the CPF member’s verified bank account, can then be transferred out from the bank account by the scammer using stolen credentials.
Police said in a release in June that no less than two Android users lost at least $99,800 of their CPF savings to scams involving malware that month.
Police did not state the victims’ ages. CPF members can withdraw some of their savings when they turn 55 and receive monthly payouts under the CPF Life scheme when they reach the eligible age, which is currently 65.
In an islandwide anti-scam enforcement operation conducted between June 19 and 23, seven men and a woman, aged between 20 and 28, as well as a 16-year-old were arrested for suspected involvement in banking-related phishing scams involving malware attacks on Android mobile devices.
Another two women and a man, aged between 27 and 57, are assisting in the investigations, police said in a separate release. Victims lost more than $221,000, including more than $114,000 of money from their CPF accounts, police added.
The public, especially Android users, are advised to download only applications from official app stores to avoid malware being installed, the statement said.
People should also exercise caution when turning on the phone’s accessibility services or allowing access because it will weaken the security of the phone.
They should always promptly update their phones with the latest security patches.
For more information, go to www.scamalert.sg or call the Anti-Scam Helpline on 1800-722-6688.
To avoid being an accomplice in these crimes, the public should reject supposed money-making opportunities promising fast and easy payouts for others to use their Singpass or bank accounts, police said.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now