The Singapore-wide payment system PayNow, which enables convenient money transfer for retail customers of banks and non-banking financial institutions, is the latest bait in the ever-increasing list of ways in which scammers target people’s wallets.
An advisory issued by the Singapore Police Force has given details of how scam SMSes are being sent to people, directing them to a PayNow phishing (fake) website.
A phishing website is one that mimics a genuine website, and the look and wording of the fake website very closely match that of the real website. As scam technologies get more and more advanced, many users are unable to distinguish between the fake and the real thing. Phishing websites take advantage of this to force the user to carry out a transaction, through which they steal user data.
The Singapore Police media release said: “In this scam [PayNow] campaign, victims would receive a text message stating – ‘Pay Now: Your certificate expires in 3 days. Renew it now at <URL link> to keep your services active’. Victims who click on the URL embedded in the message would be redirected to a fake PayNow phishing website.”
The police said: “The fake [PayNow] website would state that the victim’s PayNow certificate was expiring in a few days and [renewal would] require the victim to key in credit card details and other personal details (e.g. phone number, billing address, name, date of birth, email).”
Making potential targets aware of how PayNow works, Singapore Police said: “Members of [the] public should note that PayNow does not have a website that allows you to key in personal and credit card details. All details provided to PayNow should be through the banks’ official sites or applications. PayNow does not issue any digital certificates to members of [the] public. If in doubt, PayNow users can contact your respective banks through their official hotlines for assistance.”
Stating this, the Singapore Police advisory drew people’s attention to some standard precautionary measures:
● ADD – Add the ScamShield app and set security features (e.g. set up transaction limits for Internet banking transactions / credit/debit card transactions, enable Two-Factor Authentication (2FA), Multifactor Authentication for banks and e-wallets, use the Money Lock feature of your bank to “lock up” a portion of your money so that it cannot be transferred out digitally by anyone, further protecting your savings from scams). Add and use only official banking apps downloaded from official app stores (Google Play Store or Apple App Store) to make transfers or payments.
● CHECK – Do not use clickable links or QR codes provided by unknown persons. Check for scam signs with official sources such as the ScamShield Helpline (1799). You can also check the legitimacy of suspicious messages, phone numbers and website links via the ScamShield app or visit the ScamShield website at www.scamshield.gov.sg.
● TELL – Tell the authorities, family, and friends about scams. Report the fraudulent advertisements or listings to the respective platforms. If you have any information relating to such crimes or if you are in doubt, please call the Police Hotline at 1800-255-0000, or submit it online at www.police.gov.sg/i-witness. All information will be kept strictly confidential. If you require urgent police assistance, please dial ‘999’.
