Singapore orders Google, Apple to take measures to prevent government impersonation scam messages
The number of government impersonation scams nearly tripled in the first half of 2025.
A 3D printed Google logo is placed on an Apple Macbook in this illustration taken on Apr 12, 2020. (Image: Reuters/Dado Ruvic)
This audio is generated by an AI tool.
SINGAPORE: The Singapore Police Force on Monday (Nov 24) ordered Apple and Google to take steps to prevent government impersonation scam messages on iMessage and Google Messages.
These measures are aimed at preventing the spoofing of "gov.sg" SMS sender ID and government agency names, said the Ministry of Home Affairs (MHA) in a press release on Tuesday.
Spoofing refers to a technique cybercriminals use to disguise themselves as a known or trusted source.
The mandated measures include preventing accounts and group chats from displaying names that spoof "gov.sg" or government agencies, or filtering messages from accounts and group chats with such names.
Apple and Google must also ensure that the profile names of unknown senders are not displayed, or displayed less prominently, than their phone numbers, said MHA.
“This would help users better identify and be wary of unknown senders,” it added.
The implementation directives, which were issued by the police under the Online Criminal Harms Act, require the companies to comply by Sunday.
Apple and Google have indicated that they will comply with the directives, said MHA.
"We urge the public to regularly update the iMessage and Google Messages apps on their mobile devices, to ensure that the latest anti-spoofing safeguards are in place," added the ministry.
Government official impersonation scams are on the rise.
According to police data, the number of such cases reported almost tripled in the first half of 2025, increasing by 199.2 per cent to 1,762 cases, up from 589 cases during the same period last year.
Such cases also recorded the second-highest loss among all scam types in the first half of this year, with about S$126.5 million (US$97 million) lost.
Government official impersonation scams accounted for about 28 per cent of all scam cases and 34 per cent of all scam losses in the first half of the year.
To protect the public from such scams, government agencies have been using the "gov.sg" sender ID to send SMSes to make legitimate government messages easily identifiable.
"While we have imposed this and other safeguards like the SMS Sender ID Registry (SSIR) on SMSes, they currently do not apply to messages sent via iMessage and Google Messages," said MHA.
The "gov.sg" sender ID is not used to send messages via iMessage and Google Messages, said the ministry.
Some people might assume that the iMessages or Google Messages that they receive from scam accounts claiming to be from "gov.sg" are legitimate, as they are not easily distinguishable from official SMSes.
"The police have already seen scams involving the impersonation of other SSIR-registered SMS sender IDs on iMessage and Google Messages," said the ministry.
These include over 120 cases involving the impersonation of SingPost, it added.
"There is therefore a need to put in place measures to deter the abuse of iMessage and Google Messages by scammers."
In response to CNA's queries, a Google spokesperson said the company shares Singapore's goal of keeping Singaporeans safe online.
"To that end, we are collaborating with the government to implement pre-emptive measures to help prevent the spoofing of government agencies’ names in RCS messages sent via Google Messages."
RCS messages, which refer to Rich Communication Services messages, are a type of text message that is sent over mobile data and Wi-Fi.
"This builds on our robust protections designed to combat scams, such as proactive spam filtering, and AI-powered scam detection on Google Messages to analyse and detect scams real-time,” said Google.
Apple told CNA that from Nov 29, it would be removing features on iMessage that allow users to add a name and a display photo to group chats.
These changes complement other scam prevention measures introduced in Apple’s latest software, said the company.
Apple’s iOS 26 already includes built-in spam filtering in its Messages app, which automatically routes spam and junk messages to a dedicated spam folder. By default, the app also automatically disables links in messages filtered as spam.
The Online Criminal Harms Act, passed in July 2023, allows the relevant authority to issue directives to online service providers to put in place any system, process or measure, if the authority is satisfied that this is necessary or expedient to address a relevant offence.
Online service providers that fail to comply with the implementation directive without a reasonable excuse may be fined up to S$1 million.
In the case of a continuing offence, they may be further fined up to S$100,000 for every day or part of a day during which the offence continues after conviction.
The Singapore government previously ordered Meta to put in place measures such as facial recognition to curb Facebook impersonation scams.
Editor's note: An earlier version of this article quoted a Google spokesperson as saying there were no known government impersonation cases reported on Rich Communication Services (RCS) messages on Android phones. Google has since retracted that comment.
