CASE alerts consumers to phishing emails impersonating its officers requesting for personal and bank details
The phishing email requests consumers to perform payment transactions to receive monetary compensation.
SINGAPORE: The Consumers Association of Singapore (CASE) on Tuesday (Oct 11) alerted consumers to phishing emails from "fictitious sender names" impersonating its officers after the mail server managed by its service provider was hacked.
The phishing emails, sent from two mailboxes - online-submission@ case.org.sg and mediator1@ case.org.sg - requested for consumers who had submitted complaints via CASE’s website to perform payment transactions to receive monetary compensation.
While these emails were sent from email addresses that CASE may have used to communicate with consumers, the latest notifications they receive did not originate from CASE, it said.
In these emails, consumers were asked to participate in the live chat, and approach bank partners to perform payment transactions relating to their complaints to receive monetary compensation.
"CASE will not direct consumers through email or live chat to visit another website to key in their bank details," it said.
CASE said it started receiving reports of the phishing emails on Oct 8, and as of Tuesday, 2pm, 5,095 phishing emails were sent.
CASE said that upon confirmation that the mail server managed by its service provider was hacked, it worked with its IT vendors to suspend the affected mailboxes and reconfigure the email accounts to stop more phishing emails from being sent.
"Our IT vendors have also conducted a thorough check and confirm that our databases and website remain secure," CASE said.
It added that investigations revealed that the unauthorised access was limited to consumers’ email addresses and all other personal information remains secure.
CASE advised consumers who received the email notifications not to click on the links and disclose personal and bank details.
Consumers who received these email notifications and consumers who performed the payment transactions should lodge a report with the police and the anti-scam hotline as soon as possible, it added.
CASE said that it has taken immediate action was taken "to establish the scope of the incident and its impact", adding that it is carrying out further investigations to "determine the root cause of this incident".
"We have reported the incident to the police and the Personal Data Protection Commission (PDPC) and are rendering our fullest cooperation to resolve this incident.
"We will also work with our IT vendors to strengthen our cyber security systems to avoid further recurrence."