Government reviewing its use of SMS, clickable links to prevent phishing scams

SINGAPORE: The Government is reviewing its use of SMS and clickable links in communicating with the public, as part of a suite of measures to counter phishing scams.

In a statement on Friday (Jan 21), the Smart Nation Digital Government Group (SNDGG) said that the public is “understandably concerned about the safety of their communications with government agencies”.

This comes after a spate of online banking scams, in which OCBC customers lost at least S$8.5 million. Victims received an SMS from scammers posing as the bank, which claimed there were issues with their accounts or credit card.

“Although smartphone access is high, SMS communications has provided widespread access to citizens who either do not own smartphones or use apps,” SNDGG said.

However, it also noted that removing clickable links for low-risk transactions also has implications beyond reducing accessibility and inclusion.

“Scammers will redirect their efforts through other means, such as emails, to trick the public into visiting spoofed websites,” it said.

Government agencies are currently required to send links ending with “.gov.sg”, so that members of the public can easily identify trusted links.

“We will ensure that all agencies adhere to this rule,” the office said, adding that it will increase efforts to raise public awareness on verifying that a link is a valid government link before clicking on it.

Other measures will be taken to better protect users, including onboarding all government agencies into the SenderID protection registry.

“This will make it more difficult for attackers to send spoofed messages disguised as government agencies and facilitate tracing efforts by the Ministry of Home Affairs to catch scammers,” it said.

It added that will also explore the use of other channels such as an inbox, like the one in the Singpass mobile application, for members of the public to receive messages from government agencies.

“We will also work with agencies to strengthen the system to detect fraudulent log-in attempts from different locations and devices, and trigger step-up authentication, such as requiring a biometric (face) verification for higher-risk transactions,” it said.

Users can also use the ScamShield app to help prevent scam messages and calls from reaching users, said SNDGG.

The app identifies and filters scam messages through the identification of key words using artificial intelligent. It also blocks messages and phone calls from numbers used in other scam cases or reported by other ScamShield users.

“These two functions reduce the likelihood of scammers reaching intended victims,” SNDGG said.

The application is currently available for iOS users, with the Government working on a version for Android users.