Scammers use fake surveys and Singpass QR codes to access personal data and commit fraud
SINGAPORE: On Tuesday (Feb 22), the police warned the public about a new scam involving the misuse of Singpass QR codes, used by scammers to access digital services for fraudulent purposes.
According to a media release from the Singapore Police Force (SPF), scammers lure victims by offering fake surveys under the guise of reputable companies or organizations. These surveys are promoted through platforms like online forums and e-commerce sites.
Typically, the scammers communicate through WhatsApp and promise cash rewards for completing the surveys, aiming to gain the victims’ trust.
After participants finish the surveys, scammers ask them to scan a Singpass QR code using the Singpass app, claiming it is part of the verification process to retrieve their survey results and monetary rewards.
However, the SPF highlighted that these QR codes are screenshots from legitimate websites. Scanning them and approving transactions without careful checks grants the scammers access to the victim’s personal information and services.
Scammers exploit this access to register businesses, sign up for new mobile lines, or open bank accounts under the victim’s name, the police said.
Victims only discover the fraud when notified by their bank or telecom provider, or when they receive alerts in their Singpass Inbox that their personal data has been accessed.
The police reminded the public that Singpass requires user authentication through either biometrics or passcodes on personal devices, adding that Singpass QR codes are never sent via SMS or messaging apps like WhatsApp.
The SPF stressed that while Singpass has strict security protocols, the public should remain vigilant and follow proper security practices.
This includes verifying the domain URL displayed on the Singpass app matches the digital service’s website and avoiding logging in if they do not match.
The police advised users to only scan Singpass QR codes from official e-service websites or official apps, and always verify with trusted sources if the information is legitimate.
After scanning a Singpass QR code, users should carefully check the consent screen to ensure the legitimacy of the service they are accessing, the SPF warned.
They added that users should make sure the URL on their Singpass app matches that of the browser, and avoid logging in if there is a discrepancy.
Lastly, the SPF cautioned users to never share their Singpass ID, password, or Two-Factor Authentication (2FA) details with anyone and report suspicious activity to the Singpass helpdesk at 6335 3533.
This warning comes as Singapore saw a surge in scam cases last year, with 23,931 reported incidents, accounting for more than half of all crimes reported in the country.
