Measures to protect Singaporeans against online scams

10 JAN 2024

Overview

  1. Globally, scams have emerged as a growing issue of concern and Singapore has not been spared. According to the Singapore Police Force’s Mid-Year Scams and Cybercrime Statistics 2023 [1], scammers are reaching out to victims via online and digital means, with messaging platforms, social media, phone calls, online shopping platforms and SMSes being the top five approach methods.

  2. The Government has taken bold and decisive moves to combat the risk of scams, and to foster a safe and trusted online environment. This allows Singaporeans to have confidence as they enjoy the opportunities brought by digitalisation.

Containing the impact of scams

  1. We have strengthened our ability to recover lost monies, and limit losses.

a. In 2022, the Singapore Police Force established the Anti-Scam Command (ASCom), to consolidate expertise and resources to combat scams. Staff from the major banks are co-located with the Police in the ASCom. In the first half of 2023, the ASCom froze over 9,000 bank accounts and recovered about $50.8 million.

b. We have also worked with banks and CPF Board to provide tools for victims to limit losses, should their accounts be compromised. For example, since October 2022, banks have provided users with a self-service emergency “kill-switch” to suspend their compromised bank accounts. From November 2023, banks have also introduced a new “Money Lock” feature, for customers to set aside an amount that cannot be digitally transferred or used. At the same time, CPF Board introduced a default daily limit of $2,000 for online CPF withdrawals, which cannot be increased without strong authentication. Members also have the option to reduce this limit to $0, to disable all online withdrawals.

Preventing scams

  1. We have also taken proactive measures to prevent scammers from approaching victims, and to deter scammers by imposing stricter enforcement measures.

a. Since 2019, IMDA has been strengthening our safeguards against scam calls and SMSes. This includes: (a) blocking calls from known scam numbers (2019) and spoofed local numbers (2022); (b) blocking robocalls, based on pattern recognition (2020); and (c) SMSes containing malicious content and links (2022). Overall, these efforts helped to block a total of more than 310 million potential scam calls in 2023. The volume of international calls attempting to spoof local numbers has also declined significantly, from 706 million in 2022 to 18 million in 2023.

b. Since January 2023, we have also made it mandatory to register all alphanumeric SMS sender IDs with the Singapore SMS Sender ID Registry (SSIR). This helps to prevent spoofing of legitimate sender IDs registered with the SSIR, and to ensure that messages from unregistered sender IDs are labelled as “Likely-SCAM”. Cases involving scam SMSes fell by 70% over three months, after mandating the SSIR.

c. Since 2022, we have required that users conduct facial verification for higher risk transactions, through Singpass. From June 2023, facial verification was also introduced as an additional safeguard for high-risk CPF e-services. Since then, there have been no further reports of malware-enabled scams involving unauthorised CPF withdrawals.

d. In May 2023, we amended our legislation[2] to impose harsher legal consequences for those who allow scammers to misuse their Singpass accounts, or their bank accounts. This includes those who sell their bank accounts, or disclose Singpass credentials, to help those committing a crime.

e. In July 2023, we passed the new Online Criminal Harms Act. This sets out ex-ante requirements that online platforms must adopt, to better protect their consumers. It also allows authorities to order swift blocking of fraudulent accounts or content, to protect other users from falling victim to scams.

Fostering a safe and trusted online environment

  1. We are also working with companies to ensure that they do more so that customers can enjoy a safe and secure environment as they interact online.

a. In response to the surge in malware scams in 2023, we worked with the major banks to identify solutions for fraud detection, and malware threats. This helps to safeguard accounts against the risk of unauthorised access. For instance, various banks have progressively enhanced their banking applications to block access from devices that may be infected with malware.

b. We have also enhanced our partnerships with industry players like Google to design new security features for user devices in Singapore. This ensures that devices and services are secure-by-design, to reduce the risk of malware-enabled scams.

c. In the first half of 2024, we will implement the Shared Responsibility Framework (SRF), to hold banks and telcos accountable for measures to protect their customers from phishing. This will also provide more expedient recourse for victims, if financial institutions and telecommunication operators are found to have failed to fulfil their anti-scam duties.

  1. While the government continues its efforts to keep our digital space safe, a vigilant and discerning public is key in the fight against scams. Through public education, we provide tools to empower the individuals to protect themselves against scams.

a. Individuals can “ACT” against scams, to protect themselves, and their communities. They can add the ScamShield app and necessary security features, check for tell- tale scam signs, and tell authorities or platform owners about scam encounters.

b. The public can also consult other consumer education tools, like the e-commerce Marketplace Transaction Safety Ratings (TSR) [3] and Internet Hygiene Portal (IHP)[4], to make more informed decisions when transacting online.

Infographic on measures to combat online scams

[1] https://www.police.gov.sg/-/media/9B26F6C9613B4760AC78D15EBCDB4048.ashx

[2] The amendments were made to the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, and the Computer Misuse Act.

[3] The E-commerce Marketplace TSR provides consumers with information on the anti-scam measures that the major e-commerce marketplaces have implemented. The safety rating assigned to each marketplace indicates the extent to which they have implemented measures that are critical to safeguard against e- commerce scams. These include verification of user identity via Government-issued records, and availability of secure payment options.

[4] The IHP provides users with information on the cyber hygiene of digital platforms, that is, an assessment of the Internet security of websites, email services and domain configurations.