SINGAPORE: There is a potential global phishing campaign purporting to help businesses during the COVID-19 pandemic – and Singapore is reportedly among the six countries targeted, the Singapore Computer Emergency Response Team (SingCERT) said on Friday (Jun 19).
The bogus campaign will be centred on government support for businesses and individuals relating to COVID-19, SingCERT said.
Earlier on Friday, the Ministry of Manpower cautioned the public about such phishing schemes.
It said hackers plan to use a spoofed email address - firstname.lastname@example.org - to bait recipients to click on the embedded phishing link.
"These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information," said MOM.
SingCERT later provided more details about the phishing campaign.
A report, said SingCERT, claimed the campaign is set to launch in Singapore on Jun 21 and will offer businesses an additional support of S$750 for their employees.
“Although the report suggests that the phishing campaign in Singapore would spoof the Ministry of Manpower and is targeted at businesses using COVID-themed lures, there are always ongoing phishing attempts by various cyber criminals who use different themes or lures, and spoof different entities,” SingCERT explained.
“This is because phishing remains a common and effective technique by cyber criminals to gain access to individuals' accounts, deliver malware to victims, or trick victims into revealing sensitive information including account credentials, bank account numbers and credit card numbers.”
HOW TO STAY SAFE
In light of the situation, the Cyber Security Agency of Singapore (CSA) has reached out to relevant parties to notify them about the potential phishing campaign as well.
“Opportunistic cyber criminals have been using the COVID-19 situation to conduct malicious cyber activities and with the increasing reliance on the Internet during this period, it is important to be vigilant,” CSA warned.
SingCERT outlined ways businesses and individuals can be vigilant, including verifying the authenticity of unsolicited emails requesting sensitive information or financial payments. This verification can be done by checking with the sender through an alternative medium.
SingCERT also advised against avoiding clicking on links or attachments found in emails or text messages from unknown senders. It also recommended double-checking details to verify the authenticity even if the message comes from someone familiar.
Government websites will only use .gov.sg links, except for some websites which the public are already familiar with like skillsfuture.sg, onemotoring.com.sg and ns.sg. Any Government link shorteners will only be on a go.gov.sg link URL, SingCERT added.