Police warn against scanning of Singpass QR codes sent via SMS, WhatsApp , Latest Singapore News - The New Paper
Singapore

Police warn against scanning of Singpass QR codes sent via SMS, WhatsApp

This article is more than 12 months old
Police warn against scanning of Singpass QR codes sent via SMS, WhatsApp
When the victims completed the surveys, the scammers would ask them to scan a Singpass QR code with their Singpass app.PHOTO: LIANHE ZAOBAO
Jean Iau
Feb 23, 2022 10:03 am

A new type of scam has emerged, tricking people into using their Singpass app to scan Singpass QR codes sent via SMS to authorise access into digital services.

The police on Tuesday (Feb 22) warned that scammers could misuse the access by registering businesses, subscribing for new mobile lines, or opening new bank accounts under the victim's name. These registrations could be for illicit purposes.

The police warned against scanning QR codes delivered via SMS and messaging platforms like WhatsApp. In the same way, people should not click on embedded links in SMS and messages.

Here's how the scam works:

1. Promise of monetary rewards

Scammers would create fake surveys and recruit participants through online forums and e-commerce sites.

The surveys were purportedly conducted for reputable companies or organisations in Singapore. They would usually communicate with the victims through WhatsApp and promise them monetary rewards in exchange for filling up the surveys.

Victims saw advertisements or posts promoting heavily discounted items on social media platforms such as Instagram, Facebook and TikTok, said the police.
Singapore

Victims lose $162k to socmed phishing scam in September

Related Stories

Police emergency SMS sender ID changed to 70999 from Oct 1

3 arrested for suspected money mule activities, $500k seized

SM Lee warns of messages from scammers impersonating Customs

2. Request to scan QR codes

When the victims completed the surveys, the scammers would ask them to scan a Singpass QR code with their Singpass app, claiming it was part of a verification process to retrieve the survey results to disburse the rewards.

But the Singpass QR code provided by the scammers was a screenshot from legitimate websites. Many websites including those of government agencies, telcos, insurance firms and banks authenticate services using Singpass. By scanning the QR code and authorising the transaction without further checks, victims would be tricked into giving the scammers access to all sorts of online services.

3. Unauthorised transactions

Scammers had used the access to register businesses, subscribe for new mobile lines, or open new bank accounts under the victim's name. These registrations could be for illicit purposes.

4. Notifications

Victims would only realise something had gone wrong when theyreceived notifications of these transactions by their telecommunications service providers or banks, or when an alert in their Singpass Inbox showed that their personal detailshad been retrieved.

More On This Topic
People tricked into granting scammers Singpass access in QR code scam
Stop scams: Counting the cost of love, sex and money scams

Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now

SCAMSpoliceSINGPASS