Scammers have moved to using QR codes, including for Singpass, in their ploys
Scammers have diversified to include using QR codes in their ploys to dupe victims, with the police warning the public of two new scams involving the barcode.
Sengkang Neighbourhood Police Centre on Wednesday (Feb 23) warned of a scam involving a printed flier of a Grab food voucher giveaway and a QR code. The QR code leads to a request for personal details.
Grab clarified that it did not create the flier and does not have promotions which require users to scan a QR code to redeem vouchers, said the police centre.
This comes after the police said on Tuesday that a Singpass QR code scam has surfaced in which victims are asked to fill out surveys in exchange for monetary reward.
The scammers would send victims a Singpass QR code claiming that the victims had to verify their identity and accept the rewards, but the QR code is in fact a screenshot from a legitimate online service seeking authentification.
Many websites, including those of government agencies, telecoms companies, insurance firms and banks authenticate their services using Singpass.
By scanning the QR code and authorising the transaction, victims would be tricked into giving the scammers access to these online services.
Observers The Straits Times spoke to said that while QR code scanning by itself is safe when transactions on websites and cashier counters are initiated by the user, they urged the public to exercise caution and never scan a QR code sent by an unknown person on a messaging platform.
Singapore Polytechnic's School of Business assistant director Amos Tan told ST that customers might develop a fear of making online transactions but this should not affect the sales of merchants which can pivot to other payment methods.
"Scammers tend to move from one form of payment or method of collecting personal data to others once the method has been widely reported on and people know to look out for them... I don't believe sales will be affected but the method of transactions might be, in terms of where they take place," he said.
Mr Tan added that businesses could offer customers who are fearful of paying online the option of transacting in person.
They could also alert clients to phishing scams and send out messages to remind them that the company would not ask for personal details over the phone, he said.
Payment platforms ST contacted urged users of the QR code function to check the beneficiary or merchant details and the transacted amount before authorising payment.
The general manager of payment app Fave, Mr Keith Chen, said it was a shame that scammers are using a convenient tool to trick consumers.
He advised Fave users to scan QR codes using only the Fave app at physical stores with cashiers or online websites of Fave's merchants.
"We highly recommend that customers do not engage with QR codes that are shared via chat platforms from unauthorised or unknown contact," said Mr Chen.
A spokesman for Grab similarly said that the company will never send users QR codes via SMS or messaging platforms.
The spokesman urged users look out for signs of a potential phishing scam, such as an urgent call to action, the promise of attractive rewards, and suspicious links or attachments, including QR codes from unexpected or first-time senders.
Grab uses artificial intelligence, machine learning and experts to analyse and detect fraudulent or scam content to take down fake postings or illegal content, the spokesman added.
Grab users can call the company's fraud helpline on 6902-1036 if they are unsure about a message they have received.
How to avoid falling prey to Singpass QR code scam
- Never scan any Singpass QR code sent by someone else, advise the police, and scan the Singpass QR code on only the official website of the e-service that you want to access, or tap on Singpass QR codes on the official apps of these e-services.
- Always verify with official sources whether the information you have received is sent by the organisation and if authentication using the Singpass app is necessary.
- After scanning a Singpass QR code, always check the consent screen on the Singpass app to verify the digital service. Ensure that the domain URL displayed on the Singpass app matches that in the browser address bar.
- Never disclose your Singpass ID, password and two-factor authentication (2FA) details to others.
Suspicious activities can be reported to the Singpass helpdesk by calling 6335-3533.
Those with any information relating to such crimes, can call the police hotline on 1800-255-0000, or go to www.police.gov.sg/iwitness.
If urgent police assistance is required, call 999.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now